Senior Engineer: Cloud & Application Security job at Cellulant
Posted by: great-volunteer
Posted date: 2026-Feb-22
Location: Uganda
Senior Engineer: Cloud & Application Security 2026-02-21T16:47:12+00:00 Cellulant https://cdn.ugashare.com/jsjobsdata/data/employer/comp_9836/logo/cellulant.png https://www.cellulant.io/ FULL_TIME Uganda Uganda 00256 Uganda Financial Services Science & Engineering, Computer & IT 2026-02-28T17:00:00+00:00 8 About Cellulant: Cellulant is Africa’s leading payments company, providing seamless, secure and innovative solutions that empower businesses, banks, and global brands to thrive in a fast-changing global economy. With a presence in over 24 countries and 200+ payment methods across cards, bank transfer and mobile money, our single API payment platform, Tingg, simplifies collections, disbursements, and reconciliations. It processes over 1 million transactions daily for market leaders in various sectors, such as Airlines, Telecoms, E-commerce, Ride-Hailing, Retail, and Remittances. By simplifying how people pay and get paid, we drive trust, commerce and scale – and connect companies to their ambitions. Our Story: Across Africa, payments are more than transactions. They are gateways to prosperity, connecting people, businesses and communities to opportunities and growth. From enabling a logistics company in Lusaka to pay suppliers across borders, to enabling a hospitality brand in Lagos to scale effortlessly, to supporting an airline in Nairobi to reconcile payments from multiple platforms, Cellulant is the bridge that makes it all possible. Through trusted technology and customer-centric innovation, we build connections that inspire progress, strengthen economies and transform payments into a tool for progress. Since our founding in 2003, we've continuously adapted and grown, leveraging our experiences to simplify payments for businesses. We are driven by an unshakable belief that seamless people-centred payments are the key to unlocking prosperity. Today, Cellulant powers online and offline payment processing, allowing businesses to collect payments, send payouts, and accelerate business growth. Our Mission: To deliver seamless, secure and innovative payment solutions for businesses. Our Vision: To create a connected world where businesses move money as easily as they share ideas. Role Overview: We are seeking an experienced Cloud Security & Application Security Engineer to strengthen our security posture across cloud-native platforms, applications, APIs, and distributed services. As a leading Payment Service Provider (PSP) in Africa, security is mission-critical. The ideal candidate will have deep technical expertise in securing large-scale cloud environments, Linux-based workloads, APIs, microservices, and high-availability financial platforms. This role is hands-on, highly technical, and responsible for building, implementing, and continuously improving our cloud and application security architecture, working closely with Engineering (Platforms and Software), DevOps, and Product teams. Location: You can be based anywhere in Africa- Zambia, Uganda,Tanzania. What You’ll Do: Cloud Security Engineering - Architect, deploy, and maintain cloud-native security controls across AWS environments.
- Implement and optimize CSPM, CIEM, CWPP, CDP, and container security tools.
- Define/Enhance secure cloud patterns for compute, network, storage, IAM, secrets management, and multi-account strategies.
- Build/enhance and enforce least-privilege IAM policies, service roles, and credential lifecycle management.
- Support cloud hardening (OS-level and service-level), encryption, key management (KMS), and network segmentation.
Application & API Security - Perform threat modeling, secure code reviews, architecture reviews, and security assessments across multiple codebases.
- Partner with engineering teams to continually embed security into SDLC, CI/CD pipelines, and DevSecOps workflows.
- Secure APIs, microservices, backend services, and distributed systems using best practices and industry frameworks.
- Enhance secure coding standards, patterns, and reusable security modules.
- Support API security design, testing, and governance across internal and external integrations.
- Perform security reviews for REST, event-driven, and payment-processing APIs.
- Ensure strong authentication (OAuth2, OIDC, mTLS) and secure token design.
Runtime Security - Harden and secure workloads, containers, and orchestration platforms (Docker, Kubernetes).
- Review/enhance runtime detection & response (EDR/XDR) for cloud-native environments.
- Ensure secure configurations, kernel-level protections, logging, and monitoring.
Security Automation - Automate cloud and application security tasks using Python, Bash, Terraform, CloudFormation and/or CI/CD workflows.
- Develop automated guardrails, policy-as-code, and security-as-code pipelines.
Incident Response & Threat Detection - Support the SOC team to develop and maintain security detection rules, alerts, and response playbooks.
- Perform deep technical investigation of cloud, application, and API security incidents.
- Collaborate with the SOC team to improve signals, automate responses, and reduce MTTD and MTTR.
Payment Security & Industry Compliance - Ensure alignment with PSP security requirements including PCI DSS and BFSI-grade controls.
- Support security testing, continuous monitoring, and continuous assurance for payment platforms.
- Partner with the Infosec GRC team during audits, pentests, and regulatory assessments.
Collaboration & Advisory - Advise product, engineering, and DevOps teams on secure architectures and design choices.
- Provide training and champion a “secure-by-default†engineering culture.
- Operate as a senior technical security expert without direct managerial responsibilities.
What We’re Looking For - 6+ years experience in information security, with at least 4+ years focused on cloud and application security.
- Strong hands-on expertise with AWS (preferred)
- Deep experience securing Linux-based cloud workloads.
- Strong understanding of:
- API security architectures
- Microservices and container ecosystems
- CI/CD pipelines, DevSecOps principles
- Infrastructure as code (Terraform, CloudFormation)
- Security as code
- Practical experience remediating vulnerabilities identified through SAST/SCA/DAST/container scanning tools.
- Strong programming or scripting skills (Python, Bash, or Go preferred).
- Experience with Kubernetes, container hardening, and runtime security solutions.
- Prior work in fintech, PSPs, BFSI, or other high-compliance environments is highly desirable, but not mandatory.
Preferred Certifications (Not mandatory but advantageous) - Cloud Security: CCSP, AWS Security Specialty
- Application Security: OSWE, OSCP, OSWA, CSSLP
- DevSecOps / Cloud: CKA/CKS, HashiCorp Terraform Associate
- Payments Compliance: PCI Internal Security Assessor (ISA)
Key Competencies - Strong problem-solving and analytical skills.
- Ability to operate independently as a senior IC.
- Excellent communication and technical documentation ability.
- Deep curiosity, proactive mindset, and passion for secure engineering.
- Strong collaboration skills across engineering, DevOps, and product teams.
Why Work for Us? At Cellulant, we are more than a payments company: we are bridge-builders. We believe that by simplifying the way people pay and get paid, we are connecting companies to their ambitions, people to opportunities, and Africa to the global economy. Our work goes beyond payments—it’s about what people, businesses, and communities can do when the movement of money becomes more dependable, seamless, and secure. - Architect, deploy, and maintain cloud-native security controls across AWS environments.
- Implement and optimize CSPM, CIEM, CWPP, CDP, and container security tools.
- Define/Enhance secure cloud patterns for compute, network, storage, IAM, secrets management, and multi-account strategies.
- Build/enhance and enforce least-privilege IAM policies, service roles, and credential lifecycle management.
- Support cloud hardening (OS-level and service-level), encryption, key management (KMS), and network segmentation.
- Perform threat modeling, secure code reviews, architecture reviews, and security assessments across multiple codebases.
- Partner with engineering teams to continually embed security into SDLC, CI/CD pipelines, and DevSecOps workflows.
- Secure APIs, microservices, backend services, and distributed systems using best practices and industry frameworks.
- Enhance secure coding standards, patterns, and reusable security modules.
- Support API security design, testing, and governance across internal and external integrations.
- Perform security reviews for REST, event-driven, and payment-processing APIs.
- Ensure strong authentication (OAuth2, OIDC, mTLS) and secure token design.
- Harden and secure workloads, containers, and orchestration platforms (Docker, Kubernetes).
- Review/enhance runtime detection & response (EDR/XDR) for cloud-native environments.
- Ensure secure configurations, kernel-level protections, logging, and monitoring.
- Automate cloud and application security tasks using Python, Bash, Terraform, CloudFormation and/or CI/CD workflows.
- Develop automated guardrails, policy-as-code, and security-as-code pipelines.
- Support the SOC team to develop and maintain security detection rules, alerts, and response playbooks.
- Perform deep technical investigation of cloud, application, and API security incidents.
- Collaborate with the SOC team to improve signals, automate responses, and reduce MTTD and MTTR.
- Ensure alignment with PSP security requirements including PCI DSS and BFSI-grade controls.
- Support security testing, continuous monitoring, and continuous assurance for payment platforms.
- Partner with the Infosec GRC team during audits, pentests, and regulatory assessments.
- Advise product, engineering, and DevOps teams on secure architectures and design choices.
- Provide training and champion a “secure-by-default†engineering culture.
- Operate as a senior technical security expert without direct managerial responsibilities.
- AWS
- Linux-based cloud workloads security
- API security architectures
- Microservices and container ecosystems
- CI/CD pipelines
- DevSecOps principles
- Infrastructure as code (Terraform, CloudFormation)
- Security as code
- SAST/SCA/DAST/container scanning tools remediation
- Python
- Bash
- Go
- Kubernetes
- Container hardening
- Runtime security solutions
- Problem-solving
- Analytical skills
- Communication
- Technical documentation
- Collaboration
- 6+ years experience in information security, with at least 4+ years focused on cloud and application security.
- Strong hands-on expertise with AWS (preferred)
- Deep experience securing Linux-based cloud workloads.
- Strong understanding of API security architectures, Microservices and container ecosystems, CI/CD pipelines, DevSecOps principles, Infrastructure as code (Terraform, CloudFormation), Security as code.
- Practical experience remediating vulnerabilities identified through SAST/SCA/DAST/container scanning tools.
- Strong programming or scripting skills (Python, Bash, or Go preferred).
- Experience with Kubernetes, container hardening, and runtime security solutions.
- Prior work in fintech, PSPs, BFSI, or other high-compliance environments is highly desirable, but not mandatory.
- Preferred Certifications: Cloud Security (CCSP, AWS Security Specialty), Application Security (OSWE, OSCP, OSWA, CSSLP), DevSecOps / Cloud (CKA/CKS, HashiCorp Terraform Associate), Payments Compliance (PCI Internal Security Assessor (ISA)).
JOB-6999e1904e3c1 Vacancy title:
Senior Engineer: Cloud & Application Security Jobs at:
Cellulant Deadline of this Job:
Saturday, February 28 2026 Duty Station:
Uganda | Uganda Summary
Date Posted: Saturday, February 21 2026, Base Salary: Not Disclosed JOB DETAILS:
About Cellulant: Cellulant is Africa’s leading payments company, providing seamless, secure and innovative solutions that empower businesses, banks, and global brands to thrive in a fast-changing global economy. With a presence in over 24 countries and 200+ payment methods across cards, bank transfer and mobile money, our single API payment platform, Tingg, simplifies collections, disbursements, and reconciliations. It processes over 1 million transactions daily for market leaders in various sectors, such as Airlines, Telecoms, E-commerce, Ride-Hailing, Retail, and Remittances. By simplifying how people pay and get paid, we drive trust, commerce and scale – and connect companies to their ambitions. Our Story: Across Africa, payments are more than transactions. They are gateways to prosperity, connecting people, businesses and communities to opportunities and growth. From enabling a logistics company in Lusaka to pay suppliers across borders, to enabling a hospitality brand in Lagos to scale effortlessly, to supporting an airline in Nairobi to reconcile payments from multiple platforms, Cellulant is the bridge that makes it all possible. Through trusted technology and customer-centric innovation, we build connections that inspire progress, strengthen economies and transform payments into a tool for progress. Since our founding in 2003, we've continuously adapted and grown, leveraging our experiences to simplify payments for businesses. We are driven by an unshakable belief that seamless people-centred payments are the key to unlocking prosperity. Today, Cellulant powers online and offline payment processing, allowing businesses to collect payments, send payouts, and accelerate business growth. Our Mission: To deliver seamless, secure and innovative payment solutions for businesses. Our Vision: To create a connected world where businesses move money as easily as they share ideas. Role Overview: We are seeking an experienced Cloud Security & Application Security Engineer to strengthen our security posture across cloud-native platforms, applications, APIs, and distributed services. As a leading Payment Service Provider (PSP) in Africa, security is mission-critical. The ideal candidate will have deep technical expertise in securing large-scale cloud environments, Linux-based workloads, APIs, microservices, and high-availability financial platforms. This role is hands-on, highly technical, and responsible for building, implementing, and continuously improving our cloud and application security architecture, working closely with Engineering (Platforms and Software), DevOps, and Product teams. Location: You can be based anywhere in Africa- Zambia, Uganda,Tanzania. What You’ll Do: Cloud Security Engineering - Architect, deploy, and maintain cloud-native security controls across AWS environments.
- Implement and optimize CSPM, CIEM, CWPP, CDP, and container security tools.
- Define/Enhance secure cloud patterns for compute, network, storage, IAM, secrets management, and multi-account strategies.
- Build/enhance and enforce least-privilege IAM policies, service roles, and credential lifecycle management.
- Support cloud hardening (OS-level and service-level), encryption, key management (KMS), and network segmentation.
Application & API Security - Perform threat modeling, secure code reviews, architecture reviews, and security assessments across multiple codebases.
- Partner with engineering teams to continually embed security into SDLC, CI/CD pipelines, and DevSecOps workflows.
- Secure APIs, microservices, backend services, and distributed systems using best practices and industry frameworks.
- Enhance secure coding standards, patterns, and reusable security modules.
- Support API security design, testing, and governance across internal and external integrations.
- Perform security reviews for REST, event-driven, and payment-processing APIs.
- Ensure strong authentication (OAuth2, OIDC, mTLS) and secure token design.
Runtime Security - Harden and secure workloads, containers, and orchestration platforms (Docker, Kubernetes).
- Review/enhance runtime detection & response (EDR/XDR) for cloud-native environments.
- Ensure secure configurations, kernel-level protections, logging, and monitoring.
Security Automation - Automate cloud and application security tasks using Python, Bash, Terraform, CloudFormation and/or CI/CD workflows.
- Develop automated guardrails, policy-as-code, and security-as-code pipelines.
Incident Response & Threat Detection - Support the SOC team to develop and maintain security detection rules, alerts, and response playbooks.
- Perform deep technical investigation of cloud, application, and API security incidents.
- Collaborate with the SOC team to improve signals, automate responses, and reduce MTTD and MTTR.
Payment Security & Industry Compliance - Ensure alignment with PSP security requirements including PCI DSS and BFSI-grade controls.
- Support security testing, continuous monitoring, and continuous assurance for payment platforms.
- Partner with the Infosec GRC team during audits, pentests, and regulatory assessments.
Collaboration & Advisory - Advise product, engineering, and DevOps teams on secure architectures and design choices.
- Provide training and champion a “secure-by-default†engineering culture.
- Operate as a senior technical security expert without direct managerial responsibilities.
What We’re Looking For - 6+ years experience in information security, with at least 4+ years focused on cloud and application security.
- Strong hands-on expertise with AWS (preferred)
- Deep experience securing Linux-based cloud workloads.
- Strong understanding of:
- API security architectures
- Microservices and container ecosystems
- CI/CD pipelines, DevSecOps principles
- Infrastructure as code (Terraform, CloudFormation)
- Security as code
- Practical experience remediating vulnerabilities identified through SAST/SCA/DAST/container scanning tools.
- Strong programming or scripting skills (Python, Bash, or Go preferred).
- Experience with Kubernetes, container hardening, and runtime security solutions.
- Prior work in fintech, PSPs, BFSI, or other high-compliance environments is highly desirable, but not mandatory.
Preferred Certifications (Not mandatory but advantageous) - Cloud Security: CCSP, AWS Security Specialty
- Application Security: OSWE, OSCP, OSWA, CSSLP
- DevSecOps / Cloud: CKA/CKS, HashiCorp Terraform Associate
- Payments Compliance: PCI Internal Security Assessor (ISA)
Key Competencies - Strong problem-solving and analytical skills.
- Ability to operate independently as a senior IC.
- Excellent communication and technical documentation ability.
- Deep curiosity, proactive mindset, and passion for secure engineering.
- Strong collaboration skills across engineering, DevOps, and product teams.
Why Work for Us? At Cellulant, we are more than a payments company: we are bridge-builders. We believe that by simplifying the way people pay and get paid, we are connecting companies to their ambitions, people to opportunities, and Africa to the global economy. Our work goes beyond payments—it’s about what people, businesses, and communities can do when the movement of money becomes more dependable, seamless, and secure. Work Hours: 8 Experience in Months: 12 Level of Education: bachelor degree Job application procedure
Application Link:Click Here to Apply Now
|