Senior Application Security Engineer

Fincra is a payment infrastructure for fintechs, platforms and global businesses. Fincra provides payments solutions that enables businesses to accept payments securely, make payouts globally and scale your business across borders.

About the role

They are looking to hire a Senior Application Security Engineer who will be responsible for securely architecting and testing web applications. Reporting to the Security and amp; Privacy Engineering Lead, you will work towards raising the bar on security and privacy. You will also own the organization s vulnerability management process end-to-end.

team

What do you need to be considered successful?

You will work and collaborate with cross-functional teams to provide guidance on security best practices. You will also be responsible for the following:

• Drive all application security reviews and threat modeling, including code review and dynamic testing.
• Become a significant stakeholder in improving and leading security releases, influencing cross functional positive changes.
• Provide expert guidance and direction for other team members when they encounter challenges in their security reviews.
• Own documentation and procedures surrounding application security reviews as well as lead by example for what successful application security reviews look like.
• Scale application security by developing automated security testing or centralized security libraries which scale directly with developers and enable them to more easily write secure code.
• Have significant ownership in and evangelize security training with development teams.
• Drive initiatives that scale application security and holistically address multiple vulnerabilities.
• Design and evolve the organizations bug bounty program.

How important are you to the bottomline?

Your team will be responsible for leading and implementing the various initiatives that relate to improving Irembo s security.

The biggest problem solving duties on the job

You must be willing to work in a fast-paced and results-driven-oriented environment and exhibit an appetence for the tech world. You should also demonstrate a data-driven and structured approach to work, a strong level of self-management, and a consistent professional maturity.

What you need to have done in your career?

• Minimum of seven (7) years post NYSC relevant experience in Information Security.
• Very strong knowledge of cloud architecture and security.
• Experience in Implementing security controls using standards such as PCIDSS, ISO 27001 and ISO 2230.
• Strong understanding of cybersecurity concepts and principles.
• Strong understanding of System Architecture, both On-prem and Cloud.
• Strong software design and implementation know-how, strong familiarity with web protocols, a thorough knowledge of Linux/Unix tools and architecture, and being well-versed in application security and infrastructure security.
• Experience of performing cyber assessments on systems (including Cloud assessments)
• Experience of Threat Modeling and Impact/Likelihood assessments
• Understanding of emerging technologies and corresponding cybersecurity threats
• Experience in service-oriented architecture and web services security
• Understanding of OWASP 10.
• Experience in deployment and administration of security solutions (SIEM, WAF, DAM, etc)
• Certifications such as CompTIA Security+, CEH, CISSP, CCSP, IS0 22301 LI, IS 27001 LI could be an added advantage
  

What do you stand to gain

• Competitive Remuneration
• Work with a brilliant and diverse team