Intelligence Match
Match: ??%
Unlock Your Personalized Match
Sign in to see your exact score breakdown and personalized insights.
Team Tagline
About the role
Own the security of Paystack's AWS organisation as a whole - its architecture, account structure and the organisation-level controls that apply across every team, product, and environment at the company. Design, implement, and govern how access works across the entire organisation - defining the permission model from first principles, building the systems that enforce it, and ensuring it holds as the company scales. Examples of the kind of work this involves include self-service permission services and horizontal access control systems that engineering teams can rely on without needing to involve security on every request. Define and enforce the cloud security baseline that all engineering teams build within - ensuring that what gets provisioned meets a consistently high standard by default, not by intervention. Act as the Security team's embedded partner to DevOps - present from the start of infrastructure decisions (not at the end of them) and the central point of contact for security questions from across the engineering organisation. Ensure that secrets management, identity and access boundaries, and the security of the supply chain at the infrastructure layer are robust, auditable, and well-maintained - providing the foundation that Application Security depends on, without owning its remit. Own the security observability pipeline up to the point of delivery - ensuring logs and signals are generated correctly, structured for consumption, and reliably delivered to Security Operations, which then owns what is done with them. Translate compliance requirements across multiple active regulatory frameworks and data protection regimes into concrete, automated infrastructure controls - encryption baselines, access governance, audit logging, and programmatic evidence generation - so that GRC has the technical substance it needs to do its work. Anticipate where the platform's threat landscape is heading, not just where it has been - building controls that are durable under future conditions, not just the ones you can see today. Write code that solves real infrastructure security problems with the same rigour you would apply to production engineering - your output is a platform, and it needs to hold. Make security the path of least resistance for engineering - the controls you build should make the secure option the obvious option, with no trade-off in developer velocity. Define the technical direction and standards for Platform Security with enough clarity and rigour that they hold as the team grows and as the infrastructure evolves beneath them. The ideal candidate for this role will have: Deep, production-tested experience securing AWS environments at scale. AWS experience is a firm requirement for this role; you have strong, evidence-based opinions about cloud security architecture because you have encountered the failure modes, not just read about them. Direct experience owning cloud infrastructure at the organisation level. You have defined account structures, designed organisation-wide policy enforcement, and governed access across a multi-account AWS environment in a context where getting it wrong had real consequences. The ability to design and implement access control systems that work at company scale - you understand the failure modes of permission models that grow without governance, and you know how to build the systems that prevent them. The ability to write defensive, high-quality code - you are not a policy engineer who delegates implementation; you build the infrastructure and tooling yourself, and you build it well. A strong mental model of how the web works end to end, including the security controls and failure modes from client to server and the ability to reason about where those failure modes intersect with cloud infrastructure. A genuine instinct for finding flaws in systems - you spot what others miss, communicate it clearly, and drive resolution rather than generating reports. The ability to reduce risk in inherently insecure efforts without defaulting to industry norms. You know when the standard approach is the right one and when it is simply the familiar one, and you are willing to argue the difference. A track record of inheriting complex, live systems and improving them without breaking what works.
You know when to rewrite and when to refine, and you can defend either position. The ability to operate across the breadth of Platform Security - identity and access management, secrets management, infrastructure security, network controls, container security, and supply chain security at the infrastructure layer - with enough depth to make good decisions in each area and enough range to see how they connect. Experience working in regulated environments where multiple compliance frameworks are simultaneously active and where audit evidence needs to be generated programmatically, not assembled by hand. The credibility to be the go-to security contact for an engineering organisation. You engage technically with senior engineers, translate security requirements into decisions they can act on, and push back effectively without creating friction. A natural inclination to collaborate: you work with engineering teams, not around them, and you understand that a control nobody adopts is not a control. Beneficial: Experience building or shaping a security sub-function - defining its scope, establishing its operating model, and creating the conditions for others to join and contribute effectively. Familiarity with the regulatory and data protection landscape across Paystack's markets. The frameworks are not identical and understanding how they interact at the level of technical controls is a genuine differentiator. Experience working closely with a parent company's security programme while maintaining independent ownership of a subsidiary or regional environment
. Exposure to security incident response at the infrastructure level - not as a SecOps function, but as the person who owns the underlying platform when something goes wrong and needs to understand it deeply and quickly. Experience establishing security standards and reference architectures that engineering teams adopt because they are genuinely useful - patterns that get used, not mandates that get worked around. Soft Skills: High agency: you identify problems before they are raised, take ownership without being asked, and drive clarity in ambiguous situations rather than waiting for it. A knack for clear, precise communication: you can explain a control decision to a senior engineer, a gap to an auditor, and a strategic priority to leadership, and each version lands correctly for its audience; you are also comfortable pushing back when warranted. Calm and methodical under pressure: when something breaks at the infrastructure level, you are the person others orientate around. Collaborative by instinct: you build trust with engineering through quality and reliability, not through authority, and you understand that the Security team's credibility is shaped significantly by how Platform Security is perceived by the people it works alongside every day. A systems thinker who builds for scale: you are not optimising for your own output; you are building something that will outlast your direct involvement in it, and that shapes every decision you make.
Required Skills
Preferred Skills
Responsibilities
- Own the security of Paystack's AWS organisation as a whole - its architecture, account structure and the organisation-level controls that apply across every team, product, and environment at the company
- Design, implement, and govern how access works across the entire organisation - defining the permission model from first principles, building the systems that enforce it, and ensuring it holds as the company scales. Examples of the kind of work this involves include self-service permission services and horizontal access control systems that engineering teams can rely on without needing to involve security on every request
- Define and enforce the cloud security baseline that all engineering teams build within - ensuring that what gets provisioned meets a consistently high standard by default, not by intervention
- Act as the Security team's embedded partner to DevOps - present from the start of infrastructure decisions (not at the end of them) and the central point of contact for security questions from across the engineering organisation
- Ensure that secrets management, identity and access boundaries, and the security of the supply chain at the infrastructure layer are robust, auditable, and well-maintained - providing the foundation that Application Security depends on, without owning its remit
- Own the security observability pipeline up to the point of delivery - ensuring logs and signals are generated correctly, structured for consumption, and reliably delivered to Security Operations, which then owns what is done with them
- Translate compliance requirements across multiple active regulatory frameworks and data protection regimes into concrete, automated infrastructure controls - encryption baselines, access governance, audit logging, and programmatic evidence generation - so that GRC has the technical substance it needs to do its work
- Anticipate where the platform's threat landscape is heading, not just where it has been - building controls that are durable under future conditions, not just the ones you can see today
- Write code that solves real infrastructure security problems with the same rigour you would apply to production engineering - your output is a platform, and it needs to hold
- Make security the path of least resistance for engineering - the controls you build should make the secure option the obvious option, with no trade-off in developer velocity
- Define the technical direction and standards for Platform Security with enough clarity and rigour that they hold as the team grows and as the infrastructure evolves beneath them
Job Application Safety Disclaimer
Your security and privacy are our top priorities. Please be aware that InStreamIQ will never ask you to pay any fees for job applications, placements, or training as a condition of employment.
Furthermore, legitimate employers will not ask for sensitive personal identification such as your Bank Verification Number (BVN), National Identification Number (NIN), or Passport details during the initial application phase. Do not share financial information or make any payments to individuals or organizations claiming to represent an employer. If you encounter any suspicious requests, please report the listing immediately via our support channels.