Korapay is a payment infrastructure servicing a wide band of businesses making local and international payments. We are a marketplace for digital financial services across Africa. Our vision, which is at the core of what we do every day, is to create a world void of digital financial barriers across Africa. We are committed to delivering reliable, secure, and easy to use digital financial solutions to every single customer with a guarantee that it is improving their lives.

We are recruiting to fill the position below:

Job Title: Application Security Engineer

Location: Lagos
Employment Type: Full-time
Category: Information Security

Description

• As an Application Security Engineer at Korapay, you will be responsible for defining and executing on the security strategy of our products.
• You will ensure that security is embedded in how we build our products from design and developments to testing to how we run them and partner with product and engineering teams to strategically guard against existing or emerging threats.
• This position is responsible for cultivating a culture of security awareness across engineering & product teams.
• The ideal candidate has deep technical security knowledge and expertise and will help define and implement robust security architecture strategies, frameworks and governance processes.

Responsibilities
Here are a couple of things you’ll be doing:

• Upholding code reviews across all code platforms.
• Take charge of bug intake and remediation processes for the organization.
• Provide leadership for application vulnerability scanning and penetration testing remediation.
• Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools.
• Discover Security exposures and mitigation plans and also report and fix the technical glitches.
• Provide support on all application security activities.
• Administering and carrying out configuration optimization on Web Application Firewalls.
• Actively participate in security initiatives with minimum supervision.
• Be the subject matter expert for application security solutions.
• Provide guidance for junior level security engineers.
• Follow security best practices in performing tasks.
• Work closely with cross-functional teams (Engineering, DevOps and Product) while carrying out daily tasks.
• Contribute to requirement gathering with the product team in the area of application security.
• Work together with cross business units on executing standardized security solutions and integrations.
• Assist in development of automated security testing to validate that secure coding best practices are being used.
• Conduct regular security assessments and report on findings.
• Work as a red team member, driving an offensive security approach to improve the security posture of the Organization.
• Other duties as assigned by the CISO.

Requirements
Here’s what are we looking for:

• Minimum of Bachelor’s Degree in Computer Science or Information Security, or in a related technical field.
• Minimum of 3 years’ experience as an Application Security Engineer.
• Someone who has a thorough understanding of attacks and threats.
• Strong understanding of cybersecurity concepts and principles.
• Strong understanding of System Architecture, both On-prem and Cloud.
• Strong software design and implementation know-how, strong familiarity with web protocols, a thorough knowledge of Linux/Unix tools and architecture, and being well-versed in application security and infrastructure security.
• Experience of performing cyber assessments on systems (including Cloud assessments)
• Experience of Threat Modelling and Impact/Likelihood assessments is a must
• Understanding of emerging technologies and corresponding cybersecurity threats
• Problem solving and analytical skills.
• Self-motivated individual who is adaptive to change.
• Should possess good communication skills to explain complex security topics in simple language and easy to understand concepts.
• Experience in risk identification, secure software design, secure architectures, secure testing, or vulnerability detection and remediation
• Experience in service-oriented architecture and web services security
• Understanding of OWASP 10.
• SANS, GIAC, CISSP, CISM, CISA, CEH and any other security certification is desirable.
• An engineer who is wholeheartedly about automating checks and tests.
• Finally, you live and breathe security, you have bags of energy, obsess about security & trust and you are passionate and breathe security!

Benefits

• Health Insurance
• Stock Options
• Sponsored and Tailored training
• Paid Parental Leave
• Paid Time Off
• Flexible Work Style
• Internet Allowance
• Annual Performance Bonus
• Pension Plan
• The opportunity to work with a highly collaborative team-building something great!

Application Closing Date
Not Specified.