Cairo, Cairo, Egypt · On-site
The Senior Analyst, DevSecOps is responsible for designing, securing, and operating a highly resilient cloud infrastructure environment by embedding security controls throughout the software development lifecycle and imp…
Skills: AWS Cloud Security, DevSecOps, CI/CD Pipeline Security, Zero Trust Architecture, IAM
Cairo, Cairo, Egypt • On-site
Sign up with Clera and we'll reach out the moment a role actually fits you — no more spraying applications into the void.
Design and operate a resilient, secure AWS cloud infrastructure by embedding security controls throughout the software development lifecycle. Ensure the protection of mission-critical payment systems through proactive threat detection, vulnerability remediation, and incident response.
Requires a Bachelor's degree in Computer Science, Cyber Security, or a related field with at least 5 years of experience in Cloud Engineering or DevSecOps. Proven expertise in securing AWS environments within highly regulated sectors like banking or fintech is essential.
The Senior Analyst, DevSecOps is responsible for designing, securing, and operating a highly resilient cloud infrastructure environment by embedding security controls throughout the software development lifecycle and implementing cloud-native security defense capabilities. The role ensures secure application development, infrastructure resilience, proactive threat detection, incident response readiness, and protection of mission-critical payment infrastructure and digital assets.
The position is responsible for ensuring secure builds are deployed safely, cloud environments remain continuously hardened, vulnerabilities are proactively remediated, and security incidents are detected and contained at the earliest possible stage of compromise.
Key Responsibilities:
1.Cloud Infrastructure Security Engineering
· Design, build, and maintain secure-by-default AWS cloud infrastructure supporting mission-critical payment systems.
· Implement baseline security hardening across AWS cloud services including IAM, KMS, EC2, ECS, EKS, VPCs, storage services, databases, and load balancers.
· Maintain cloud infrastructure security hardening posture at minimum 95% compliance across all security domains.
· Ensure infrastructure resilience, high availability, and secure cloud architecture principles are consistently implemented.
· Implement Zero Trust security architecture across the PAPSS cloud environment.
2. DevSecOps Pipeline Security & Secure Software Delivery
· Integrate automated security controls into CI/CD pipelines to ensure secure development and deployment practices.
· Implement and manage security testing tools including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), container image scanning, dependency scanning, and secrets detection tools.
· Ensure 100% of application source code is continuously scanned using approved DevSecOps security testing mechanisms.
· Redesign and continuously improve PAPSS GitHub repositories and CI/CD workflows to ensure maximum security and resilience.
· Secure build environments by enforcing artifact integrity, software provenance controls, deployment promotion controls, and preventing pipeline abuse or credential leakage.
· Ensure zero source code exposure and prevent malicious or vulnerable deployments into production environments.
3. Identity, Access Management & Workload Security
4. Security Monitoring, Vulnerability Management & Incident Response
· Own cloud security monitoring and alerting capabilities across all AWS accounts and cloud workloads.
· Design, implement, and continuously tune cloud security detection use cases covering privilege escalation, credential misuse, secrets exposure, CI/CD abuse, data exfiltration, and abnormal system behavior.
· Maintain near-zero critical and high-risk vulnerabilities in production environments.
· Ensure 100% remediation of critical vulnerabilities within defined service level agreements, prioritizing vulnerabilities under active exploitation or high probability of exploitation within a maximum of three days.
· Lead investigation, containment, and response activities for cloud security incidents and cyber threats.
· Maintain security monitoring and incident response capabilities capable of detecting and responding during or before the earliest stage of compromise (“Initial Access”).
· Support cyber resilience initiatives, ransomware response planning, and recovery readiness for critical systems.
5. Compliance Responsibilities
1. Understand and adhere to the Bank's AML, Regulatory and Conduct Compliance policies and procedures, notably.
a. Staff Handbook (has code of conduct provisions)
b. Anti-Money Laundering (AML), Counter Financing of Terrorism and Counter Proliferation Financing
c. Conflicts of Interest and Policies on Staff Involvement in External Engagements/Activities
d. Anti-Bribery & Corruption
e. Insider Trading Guidelines
2. Report any suspicious or non-compliant activities or matters relating to the Bank’s staff or the customers to the Compliance Department.
3. Complete the Annual Compliance Training/Assessment.
Academic Qualifications
Bachelor’s Degree in Computer Engineering, Computer Science, Information Technology, Cyber Security, or related discipline.
Relevant postgraduate/professional qualification is an added advantage.
Professional Experience
· Minimum 5+ years of experience in Cloud Engineering, DevSecOps, or Cloud Security Engineering roles.
· Proven hands-on experience securing AWS cloud environments in enterprise production settings.
· Experience operating within highly regulated environments such as banking, fintech, financial services, or payment systems.
· Demonstrated experience in cloud security monitoring, threat detection, vulnerability management, and incident response within cloud-native environments.
· Experience with zero‑trust architecture.
Transforming Africa's Trade
The African Export-Import Bank (Afreximbank) is the foremost Pan-African multilateral financial institution devoted to financing and promoting intra- and extra-African trade. The Bank was established in October 1993 by African governments, African private and institutional investors, and non-African investors. Its two basic constitutive documents are the Establishment Agreement, which gives it the status of an international organization, and the Charter, which governs its corporate structure and operations.
Offices: 72 (B) El-Maahad El-Eshteraky Street, P.O. Box 613 Heliopolis, Cairo, Cairo 11757, EG · Gold Bridge 2nd Street, P.O. Box 1600 Causeway, Harare, ZW · PMB 601 Garki,, Abuja, NG · 01 BP 5634, Abidjan 01, CI · Town hall, Independence Square, National Social Insurance Fund (NSIF) Headquarters Building, Yaounde, P.O Box 405, CM
Transforming Africa's Trade
The African Export-Import Bank (Afreximbank) is the foremost Pan-African multilateral financial institution devoted to financing and promoting intra- and extra-African trade. The Bank was established in October 1993 by African governments, African private and institutional investors, and non-African investors. Its two basic constitutive documents are the Establishment Agreement, which gives it the status of an international organization, and the Charter, which governs its corporate structure and operations.
Offices: 72 (B) El-Maahad El-Eshteraky Street, P.O. Box 613 Heliopolis, Cairo, Cairo 11757, EG · Gold Bridge 2nd Street, P.O. Box 1600 Causeway, Harare, ZW · PMB 601 Garki,, Abuja, NG · 01 BP 5634, Abidjan 01, CI · Town hall, Independence Square, National Social Insurance Fund (NSIF) Headquarters Building, Yaounde, P.O Box 405, CM
