Jobs · himalayas
Security Operations Engineer
Nimbus Data Systems · Remote · Posted 15d ago
About the role
Own security alert design and triaging in a remote role for a stablecoin infrastructure provider.
Nimbus Data Systems is the largest and first licensed stablecoin-based infrastructure provider, operating in 20 African countries and the emerging markets. Our mission is to empower businesses of all sizes, making it easier for them to make international payments, protect their financial assets, manage their treasury function, and access hard currency liquidity. We are creating “financial infrastructure that works”, disrupting the financial services industry by offering innovative solutions designed to meet the distinct needs of – and real-world challenges faced on a daily basis by – our customers. Leveraging the power of stablecoins pegged 1:1 to the U.S. dollar (e.g., USDC, USDT, and PYUSD), we deliver our innovative solutions through our commercial trading function, our B2B products (i.e., our Payments API & Treasury Portal). The Security Operations Engineer is the operational backbone of the Security Operations Centre (SOC). It is a fully remote, hands-on, technical role that owns three tightly integrated domains: security alert design, triaging, and automated response, cloud security posture management across EKS and AWS environments, and posture tracking and reporting. Reporting to the Associate Director, Product & Infrastructure Security, the engineer works alongside a mature Application Security team and collaborates closely with DevOps, Engineering, and Security GRC functions. The role sits within the First Line of Defense and is expected to progressively drive down manual effort through detection-as-code and SOAR automation. This is not a perimeter-security or scan-and-report role. The right candidate must be comfortable writing detection logic, triaging cloud misconfigurations at the infrastructure level, and owning end-to-end vulnerability remediation cycles in containerised environments. Key responsibilities Duties include, but are not limited to. 1. Security Operations The engineer owns the full lifecycle of security detection and response inside the SOC, from signal design through to automated containment. This is the primary domain of the role. Alert design and coverage Design and maintain SIEM detection rules covering cloud, container, identity, and application layers, using both signature-based and behavioural logic Map detection coverage against the MITRE ATT&CK framework and identify gaps relevant to the organisation's AWS and EKS attack surface Integrate threat intelligence feeds to refresh rule logic for emerging threats and TTPs Maintain a detection backlog, prioritised by risk, with defined review cadences Alert triage Daily SIEM alert triage following defined response timing standard Classify, investigate, and resolve security signals; Reduce false-positive rates through structured tuning cycles, with documented rationale for rule changes Maintain triage runbooks for key production detection rules Automated response workflows (SOAR) Build and maintain SOAR playbooks for common alert types including IAM anomalies, misconfiguration alerts, exposed secrets, and container runtime events Automate enrichment steps (asset lookup, threat intel correlation, ownership resolution) to reduce analyst time-to-context Document automation logic and maintain version control for all playbooks Measure and report automation coverage rate as a standing KRI 2. Cloud Security Posture Management Cloud posture management is the infrastructure-facing domain of the role, covering vulnerability management, identity governance, and configuration and change control. AWS EKS and Serverless resources are the primary environments. Vulnerability management Own the end-to-end vulnerability triage process for cloud and container environments, prioritising findings by business impact using CVSS scoring, asset criticality, and exploitability context Manage EKS-specific vulnerability coverage: base image currency, workload scanning results, pod security standards compliance, and node group patching cadence Coordinate remediation with engineering teams by opening well-scoped tickets, tracking progress, and escalating SLA breaches Maintain MTTR and SLA compliance data by severity tier Oversee CSPM posture score targets; triage new Critical findings within defined SLA windows Identity and access governance Review and approve IAM policy changes, enforcing least-privilege and flagging over-permissioned roles or service accounts Execute scheduled IAM hygiene reviews: unused credentials, stale access keys, overly broad policies, and cross-account trust boundaries Govern workload identity configurations in EKS, ensuring service accounts carry only the permissions required Support the secrets rotation program and enforce zero hardcoded credentials across the estate Configuration and change management Review and approve cloud network security changes: security group modifications, network ACL changes, and routing updates Own container image security: base image update cadence, scanning results review, and image ownership classification In
Read the full posting on himalayas →
FAQ
Is the Security Operations Engineer role at Nimbus Data Systems remote?+
This Security Operations Engineer position is listed as remote (Remote).
What is the salary for the Security Operations Engineer role at Nimbus Data Systems?+
The listing states Estimated 100k-231k USD.
What seniority level is this Security Operations Engineer role?+
This is a senior level position.
How do I apply for the Security Operations Engineer role at Nimbus Data Systems?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Nimbus Data Systems.