Senior Specialist - DevSecOps at MTN Nigeria
MTN Nigeria
Reports To: Senior Manager - Information Security
Division: Information Technology
Mission:
The Senior Specialist, DevSecOps is responsible for the delivery of the design, implementation , and continuous improvement of secure DevOps processes within MTN Nigeria by integrating security controls, automation, and monitoring into CI/CD pipelines, ensuring rapid delivery of high-quality and secure applications. They will drive a security-first engineering culture by proactively identifying risks, automating security controls, and enabling development teams to deliver scalable, compliant, and resilient systems at speed.
Description:
The role operates within a highly complex internal technology and delivery ecosystem, requiring deep technical expertise and strong coordination across multiple domains:
Application & Platform Complexity
Securing diverse enterprise applications, digital platforms, with varying architectures (monolithic, microservices, APIs)
Managing security across legacy systems and modern cloud-native applications
Ensuring consistent security standards across multiple development teams and product lines
CI/CD & DevOps Integration
Embedding security into end-to-end CI/CD pipelines without disrupting delivery timelines
Managing integration of multiple security tools (SAST, DAST, SCA, secrets scanning) within automated workflows
Handling pipeline failures, false positives, and tuning tools for optimal performance
Cloud & Infrastructure Complexity
Securing multi-cloud and hybrid environments with differing configurations and controls
Implementing secure Infrastructure as Code (IaC) while maintaining scalability and consistency
Managing containerized environments (e.g., Kubernetes) with evolving security requirements
Data Protection & Access Control
Enforcing data security, encryption, and access governance across internal systems
Managing identity and access controls (IAM) for developers, systems, and applications
Ensuring proper handling of sensitive customer and business data across environments
Tooling & Automation Challenges
Selecting, integrating, and maintaining DevSecOps toolchains across the organization
Ensuring interoperability between tools (CI/CD, security scanners, ticketing systems, SIEM)
Continuously optimizing automation to reduce manual intervention
Compliance & Internal Governance
Aligning internal processes with security policies, standards, and audit requirements
Supporting internal audits, risk assessments, and control validations
Maintaining documentation and evidence for compliance without slowing delivery
Education:
Bachelor's degree
Master's in information science is preferred
Certification:Security Certifications (Minimum of 1)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Ethical Hacker (CEH)
Cloud & DevSecOps related professional Certifications
AWS Certified Security - Specialty
Microsoft Azure Security Engineer Associate
Google Professional Cloud Security Engineer
Certified Kubernetes Security Specialist (CKS)
Experience:
6 - 13 years experience in IT, Cybersecurity, or DevOps roles
Minimum of 5+ years specifically in DevSecOps
Experience in large-scale, high-availability environments (telecom, fintech, or enterprise IT)
Proven track record of implementing secure CI/CD pipelines and automation
Proficiency in:
Secure software development lifecycle
Cloud security architecture (AWS, Azure, GCP)
Containerization and orchestration security (Docker, Kubernetes)
API security and microservices architecture
Identity and Access Management (IAM)
Vulnerability management and security testing tools (SAST, DAST, SCA)
Experience working in a large organization