Ayub Roti

Product Security Architect · Equity Bank · Nairobi, KE

ayubroti@juaji.com · +254 727 517 942 · LinkedIn

Product Security Architect with over 10 years of experience designing resilient frameworks that bake security into the core development lifecycle. Specialist in threat modeling, DevSecOps, and secure-by-design product architecture — ensuring innovation never outpaces safety. Proven expertise in leading cross-functional teams, building automated security pipelines, and fortifying user trust without compromising engineering velocity.

Experience

Product Security Architect

Equity Bank Limited

Feb 2026 — Present

Nairobi, Kenya

›Design resilient security frameworks that embed protection into the core product development lifecycle, ensuring secure-by-design outcomes.
›Lead threat modeling and risk assessment initiatives across product teams, translating security requirements into actionable engineering tasks.
›Architect DevSecOps pipelines that fortify user trust without compromising engineering velocity or time-to-market.
›Drive secure product architecture decisions across teams, balancing innovation with safety at enterprise banking scale.

Senior Security Engineer — DevSecOps

Cellulant

May 2023 — Jan 2026

Nairobi, Kenya

›Lead cross-functional teams to address business logic and security vulnerabilities, devising strategic remediation plans.
›Direct security-focused code reviews and establish team-wide best practices for static, dynamic, and runtime analysis aligned with SSDLC principles.
›Spearhead the integration of security practices into CI/CD pipelines, ensuring proactive security posture and seamless development workflows.
›Develop security automation tools and infrastructure-as-code (IaC) to prevent vulnerabilities, guiding teams in adopting modern SSDLC methodologies.
›Serve as Subject Matter Expert in application security and SSDLC, mentoring developers and delivering secure development training programs.
›Drive adoption of secure coding practices through threat modeling, risk assessments, and ongoing security consultations across product and operations teams.

Senior Information Security Engineer

Dimension Data East Africa

Jan 2022 — May 2023

Nairobi, Kenya

›Led a team of security engineers performing web, mobile, and infrastructure penetration testing and vulnerability assessments across diverse platforms.
›Conducted red team/blue team assessments and source code reviews to identify software vulnerabilities and malicious embedded code.
›Automated report generation using Python for technical and executive audiences; built API wrapper interfaces on top of VA tools for customization and integration.
›Collaborated with sales and solution architect teams to scope cybersecurity engagements and mentored junior engineers.
›Delivered DevSecOps training to developers on secure application architecture and application threat modeling.

Security Consultant

Serianu Limited

Jan 2018 — Dec 2021

Nairobi, Kenya

›Conducted Penetration Testing and VAPT on onsite and remote systems — automated/procedural database, application, network, email, wireless, and social engineering assessments.
›Led Adversarial (Red Team) Threat Assessments using MITRE ATT&CK framework, identifying detailed attack chains and maintaining persistence on internal networks.
›Built and maintained virtual hacking environments; standardized and documented VAPT and Red Teaming TTPs.
›Deployed, configured, and maintained security infrastructure: Security Onion (NIDS), HIDS, FortiSIEM, firewalls, and endpoint protection systems.
›Developed vulnerability repositories, remediation roadmaps, and presented technical and executive-level reports to external customers.

Systems Engineer

Wananchi Limited

May 2016 — Dec 2017

Nairobi, Kenya

›Administered Linux/UNIX systems — DNS, DHCP, VPN, NFS, Apache, Nginx. Built and installed multiple Linux and Windows servers.
›Automated network monitoring using Bash, Python, and Perl; managed network tuning and performance strategies.
›Provided remote technical assistance to field teams, ensuring zero-impact implementations.

Projects

Juaji Enterprise

Founder & Lead Developer · Jan 2024 — Present

Active

›Asynchronous microservices with Go (GoTTH stack), Docker Swarm orchestration, Traefik routing, KrakenD API gateway.
›NLP-powered data processing transforming unstructured data into actionable insights with privacy compliance.
›Prometheus monitoring, Redis caching, Temporal workflows, OPA-based authorization, Keycloak OIDC.

Davinci — Unified Security Assessment Platform

Lead Architect & Developer

›Event-driven async microservice engine with FastAPI, Traefik, Nginx, HAProxy, Docker Compose orchestration, and Ansible deployment.
›Celery async task processing, Redis caching, HTTPX/WebSocket RPC for distributed computing.
›FastAPI Gateway fronting multiple microservices handling cross-cutting concerns.

Skills

Security & Standards

OWASP (Mobile, API)CWECIS BenchmarksDAST / SASTThreat ModelingRed TeamingMITRE ATT&CKSSDLC

Infrastructure & Cloud

Docker SwarmKubernetesRancherAWSGCPOpenTofu / TerraformAnsibleHelm

Networking & Proxies

TraefikNginxHAProxyEnvoyContourDNSDHCPVPN

Languages & Frameworks

GoPythonBashPerlRubyFastAPIFlaskDjangoHTMXNode.js

Identity & Policy

KeycloakOpenLDAPOPAVaultDoppler

Observability & Scanning

PrometheusNessusRapid7GreenboneTrivyKube-benchSecurity Onion

Certifications

Certified Ethical Hacker EC Council

2019

AWS Certified Cloud Practitioner (CLF-C01) Amazon

2022

eLearnSecurity Junior Penetration Tester (eJPT) INE

2022

LPIC-2: Linux Enterprise Professional Cloud Guru

2019

CompTIA Linux+ / LPIC-1 Cloud Guru

2019

Security Architecture InfoSec Skill

2024

Container Security InfoSec Skill

2024

DevOps Tools Engineer Linux Professional Institute

2024 (Ongoing)

Education

Electrical and Electronic Engineering

Dedan Kimathi University of Science and Technology — Nyeri, Kenya

2016

References

Available upon request.