Company Info
Large organization
51 to 100 Employees
Koraplay is a payment infrastructure for Africa. We offer plug-and-play payment solutions for businesses to launch a tailored payment experience for their customers. At the front and center of what we do every day, we are creating a future void of digital financial barriers across Africa. We are committed to delivering secure, reliable, and easy-to-use digital financial solutions to customers with a guarantee that they are improving their lives.
Koraplay is a payment infrastructure for Africa. We offer plug-and-play payment solutions for businesses to launch a tailored payment experience for their customers. At the front and center of what we do every day, we are creating a future void of digital financial barriers across Africa. We are committed to delivering secure, reliable, and easy-to-use digital financial solutions to customers with a guarantee that they are improving their lives.
Job Title: Application Security Engineer
Location: Lagos
Employment Type: Full Time
Job Description
- As an Application Security Engineer at Kora, you will work with the Application Security team to define and execute the security strategy of our products
- You will ensure that security is embedded in how we build our products from design and development to testing to how we run them and partner with Product and Engineering teams to strategically guard against existing or emerging threats.
- This position is responsible for cultivating a culture of security awareness across the Engineering & Product teams.
- The ideal candidate has deep technical security knowledge and expertise and will help define and implement robust security architecture strategies, frameworks, and governance processes.
Responsibilities
- Upholding code reviews across all code platforms.
- Take charge of bug intake and remediation processes for the organization.
- Provide leadership for application vulnerability scanning and penetration testing remediation.
- Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools.
- Discover Security exposures and mitigation plans, and report and fix the technical glitches.
- Administering and carrying out configuration optimization on Web Application Firewalls.
- Actively participate in security initiatives with minimum supervision.
- Be the subject matter expert for application security solutions.
- Provide guidance for junior-level security engineers.
- Work closely with cross-functional teams (Engineering, DevOps, and Product) while carrying out daily tasks.
- Responds to computer security incidents according, leverages subject matter expertise where established processes do not exist.
- Acts as a subject matter expert regarding CSIRT incident response processes.
- Identify and manage potential and actual operational issues within the incident detection/response domain and take corrective action.
- Contribute to requirement gathering with the product team in the area of application security.
- Work together with cross-business units on executing standardized security solutions and integrations.
- Assist in the development of automated security testing to validate that secure coding best practices are being used.
- Conduct regular security assessments and report on findings.
- Work as a red team member, driving an offensive security approach to improving the security posture of the organization.
- Other duties as assigned by the CISO.
Requirements
- Minimum of 3 years experience as an Application Security Engineer.
- Minimum of Bachelor’s degree in Computer Science or Information Security, or in a related technical field.
- Someone who has a thorough understanding of attacks and threats.
- Strong understanding of cybersecurity concepts and principles.
- Strong understanding of System Architecture, both On-prem and Cloud.
- Strong software design and implementation know-how, strong familiarity with web protocols, a thorough knowledge of Linux/Unix tools and architecture, and being well-versed in application security and infrastructure security.
- Experience of performing cyber assessments on systems (including Cloud assessments)
- Experience of Threat Modelling and Impact/Likelihood assessments is a must
- Understanding of emerging technologies and corresponding cybersecurity threats
- Problem-solving and analytical skills.
- Someone who follows security best practices when performing tasks
- Self-motivated individual who is adaptive to change.
- Should possess good communication skills to explain complex security topics in simple language and easy-to-understand concepts.
- Experience in risk identification, secure software design, secure architectures, secure testing, or vulnerability detection and remediation
- Experience in service-oriented architecture and web services security
- Understanding of OWASP 10.
- SANS, GIAC, CISSP, CISM, CISA, CEH, and any other security certification is desirable.
- An engineer who is wholeheartedly about automating checks and tests.
- Finally, you live and breathe security, you have bags of energy, obsess about security & trust and you are passionate and breathe security!
Application Closing Date
Not Specified.
How to Apply
Interested and qualified candidates should:
Click here to apply online