Lead, DevOps & API Audit at Moniepoint Inc.

Moniepoint Inc.Nigeria Software Development

Full Time

Moniepoint is a financial technology company digitising Africaâ€™s real economy by building a financial ecosystem for businesses, providing them with all the payment, banking, credit and business management tools they need to succeed.

Role Overview

The Team Lead DevOps and API Audit is responsible for leading a technical team that oversees DevOps practices, cloud and container security, and the security, governance, and compliance of REST, GraphQL, and internal APIs.The role ensures that systems and APIs are designed, deployed, and operated in accordance with organizational standards, security best practices, and regulatory requirements.

Key Responsibilities
DevOps Leadership

Plan and Lead the Audit of DevOps and security engineering Projects
Coordinate the audit and review of CI/CD pipelines, infrastructure-as-code, and deployment automation
Ensure secure configuration and operation of cloud, container, and orchestration platforms (e.g. Harness, Docker, Kubernetes)
Promote DevSecOps practices across development and operations teams
Collaborate with engineering teams to improve reliability, scalability, and security

API Security & Audit

Lead audits of REST, GraphQL, and internal APIs
Assess API authentication, authorization, and access controls
Review API designs against organizational standards and industry best practices
Evaluate API security posture using frameworks such as OWASP API Top 10
Ensure proper API logging, monitoring, and incident detection
Validate API lifecycle governance, including versioning, change management, and deprecation

Governance, Risk & Compliance

Ensure DevOps and API practices comply with internal policies and standards
Support audits aligned with SOC 2, ISO 27001, and other regulatory frameworks
Review evidence, prepare audit documentation, and support external auditors
Identify risks and recommend remediation actions
Track remediation progress and report on compliance status

Collaboration & Communication

Act as a key liaison between engineering, security, risk, and audit teams
Communicate technical risks and findings clearly to non-technical stakeholders
Contribute to the development and maintenance of security standards and guidelines
Participates in the other regular audits in the IT Audit Plan as assigned by the Head, IT Audit.

Technical Skills

Strong knowledge of API security (OAuth2, JWT, mTLS, API gateways)
Familiarity with OWASP API Top 10
Experience with infrastructure-as-code (Terraform, CloudFormation, etc.)
Understanding of logging, monitoring, and SIEM solutions
Knowledge of vulnerability management and security scanning tools
Familiarity with compliance frameworks (SOC 2, ISO 27001)
Strong leadership and mentoring abilities
Excellent written and verbal communication skills
Analytical mindset with attention to detail
Ability to balance delivery, security, and compliance priorities
Comfortable working with auditors and senior stakeholders

Qualifications

Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience)
Security or cloud certifications will be an added advantage (e.g., CISSP, CISM, AWS/Azure/GCP certifications)
6+ years of experience in DevOps, cloud engineering, or platform engineering
2+ years in a technical leadership or team lead role
Hands-on experience with:
- CI/CD tools (e.g., GitHub Actions, GitLab CI, Jenkins)
- Containers and orchestration (Docker, Kubernetes)
- Cloud platforms (AWS, Azure, GCP)Experience auditing or securing APIs (REST, GraphQL, internal services)
Experience with API gateways and WAFs
Prior experience in internal or external audit environments
Experience implementing DevSecOps programs