Security & Infrastructure Engineer
Kampala or remote, depending on candidate
Contract
Contract / part-time initially
3 to 5 years
Role mission
Strengthen the security, reliability, resilience, and operational discipline of Ora Group's products and digital infrastructure.
Engagement: Contract or part-time initially, with the possibility of expanding as Ora's customer and product footprint grows.
About Ora Group
Ora Group is an African technology company building intelligent, industry-specific software platforms.
We combine software, artificial intelligence, automation, and deep operational understanding to help businesses simplify work, improve visibility, and make better decisions.
We are beginning with coffee through Ora OS Coffee, while building toward a broader portfolio of operating systems for African industry.
Key responsibilities
- Review the security posture of Ora products and infrastructure.
- Assess application, database, authentication, hosting, and deployment risks.
- Recommend and implement practical security improvements.
- Review access controls, secrets management, environment configuration, and permissions.
- Establish backup and recovery procedures.
- Review DNS, SSL, domain, email, and hosting security.
- Support vulnerability management and security testing.
- Develop incident-response and escalation procedures.
- Review logging, monitoring, and alerting.
- Help establish secure development and deployment practices.
- Document infrastructure, risks, controls, and recovery procedures.
- Provide periodic security reviews and recommendations.
- Support compliance readiness as the company grows.
Minimum qualifications
- Bachelor's degree or equivalent professional experience in cybersecurity, computer science, software engineering, infrastructure, or a related field.
- Demonstrated experience securing web applications and cloud infrastructure.
- Strong understanding of authentication, databases, access control, backups, logging, networking, and incident response.
- Ability to communicate security risks clearly to non-technical leadership.
- High integrity and discretion.
Preferred experience
- Vercel
- Supabase
- Cloudflare
- DNS and domain management
- Web application security
- Cloud security
- Email security
- Penetration testing
- Backup and disaster recovery
- Security documentation
Experience
3 to 5 years in cybersecurity, infrastructure, DevOps, cloud engineering, application security, or a related area. Relevant certifications are advantageous but not mandatory where practical capability is clearly demonstrated.
Skills and attributes
- Methodical
- Ethical
- Security-conscious
- Practical
- Clear communicator
- Strong documentation habits
- Able to prioritise risks according to severity and business impact
What success looks like
- Critical risks are identified and addressed.
- Access and infrastructure controls improve.
- Backup and recovery procedures are tested.
- Monitoring and incident procedures are established.
- Security becomes part of Ora's product-development process.
- Leadership understands the company's risk position.
What you will gain
- End-to-end ownership of security across a growing product portfolio.
- A flexible engagement that can expand as Ora's footprint grows.
- Direct influence on how security is built into Ora's engineering culture.
- Work across a modern stack including Vercel, Supabase, and cloud infrastructure.
- A documented body of security work with visible business impact.