Application Security Engineer

About Kora

Kora is the marketplace for everything payments. We offer a robust payment API for payment collections, disbursements and conversions for businesses anywhere in Africa.

Our vision, which is at the core of what we do every day, is to create a world void of digital financial barriers. We are committed to delivering reliable, secure, and easy-to-use digital financial solutions to every single customer with a guarantee that it is improving their lives. To achieve this mission, we need people like you.

We strongly believe in our ability to find Water in the Desert and pick the Sands in the Ocean.

We value positive energy, and clear communication and are committed to building an inclusive environment for people from every background.

About The Role

As an Application Security Engineer at Kora, you will work with the Application Security team to define and execute the security strategy of our products

You will ensure that security is embedded in how we build our products from design and development to testing to how we run them and partner with Product and Engineering teams to strategically guard against existing or emerging threats.

This position is responsible for cultivating a culture of security awareness across the Engineering & Product teams.

The ideal candidate has deep technical security knowledge and expertise and will help define and implement robust security architecture strategies, frameworks, and governance processes.

In this role, you will be designated to one of Kora's strategic business units.

Here are a couple of things you'll be doing:

• Upholding code reviews across all code platforms.
• Take charge of bug intake and remediation processes for the organization.
• Provide leadership for application vulnerability scanning and penetration testing remediation.
• Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools.
• Discover Security exposures and mitigation plans, and report and fix the technical glitches.

• Administering and carrying out configuration optimization on Web Application Firewalls.
• Actively participate in security initiatives with minimum supervision.
• Be the subject matter expert for application security solutions.
• Provide guidance for junior-level security engineers.
• Work closely with cross-functional teams (Engineering, DevOps, and Product) while carrying out daily tasks.
• Responds to computer security incidents according, leverages subject matter expertise where established processes do not exist.
• Acts as a subject matter expert regarding CSIRT incident response processes.
• Identify and manage potential and actual operational issues within the incident detection/response domain and take corrective action.
• Contribute to requirement gathering with the product team in the area of application security.
• Work together with cross-business units on executing standardized security solutions and integrations.
• Assist in the development of automated security testing to validate that secure coding best practices are being used.
• Conduct regular security assessments and report on findings.
• Work as a red team member, driving an offensive security approach to improving the security posture of the organization.
• Other duties as assigned by the CISO.

Requirements

Here's what are we looking for:

• Minimum of 3 years’ experience as an Application Security Engineer.
• Minimum of Bachelor’s degree in Computer Science or Information Security, or in a related technical field.
• Someone who has a thorough understanding of attacks and threats.
• Strong understanding of cybersecurity concepts and principles.
• Strong understanding of System Architecture, both On-prem and Cloud.
• Strong software design and implementation know-how, strong familiarity with web protocols, a thorough knowledge of Linux/Unix tools and architecture, and being well-versed in application security and infrastructure security.
• Experience of performing cyber assessments on systems (including Cloud assessments)
• Experience of Threat Modelling and Impact/Likelihood assessments is a must
• Understanding of emerging technologies and corresponding cybersecurity threats
• Problem-solving and analytical skills.

• Someone who follows security best practices when performing tasks

• Self-motivated individual who is adaptive to change.
• Should possess good communication skills to explain complex security topics in simple language and easy to understand concepts.
• Experience in risk identification, secure software design, secure architectures, secure testing, or vulnerability detection and remediation
• Experience in service-oriented architecture and web services security
• Understanding of OWASP 10.
• SANS, GIAC, CISSP, CISM, CISA, CEH and any other security certification is desirable.
• An engineer who is wholeheartedly about automating checks and tests.
• Finally, you live and breathe security, you have bags of energy, obsess about security & trust and you are passionate and breathe security!

Reporting Structure: This role reports to the Chief Information Security Officer, CISO

Interview process

Below is the interview process you can expect for this role. It may look like a lot of steps, but rest assured that we move quickly and the steps are designed to help you get the information needed to determine if we’re the right fit for you… Interviewing is a two-way street, after all!

We expect the interview process to take a maximum of 3 weeks and an average of 2.5 hours in total. Please note that the interview is virtual.

👋Introduction Stage - we have initial conversations to get acquainted with you and overall experience.

[15m] Recruiter Screen - Abayomi Ishmael

Feedback from the Recruiter (Abayomi Ishmael)

🧑‍💻 [60m] Team Interview Stage (Information Security Team) - We proceed to explore your professional background in greater detail and facilitate introductions to team members, including those from various cross-functional areas.

[60m] Cultural Fit Interview (Our Core Values)- At this stage, you'll engage in a conversation with Kora's COO, the Head of People and Culture, and the head of the team you’re being considered for. The aim is to understand you better and assess the alignment of your beliefs and values with Kora's distinctive culture. We'd like to emphasize that there are no right or wrong answers expected. However, we encourage you to maintain a positive attitude during this session.

Please note that you are welcome to ask questions and inquire during this process. We assure you of complete transparency throughout the interview process.

Working hours

Given that we are an all-remote company and hire almost anywhere in the world, we don’t have a location requirement for this role. However, your working hours must coincide with 9:00 am - 5:00 pm WAT for at least 40 hours/week.

Equal Opportunity Employer

Kora is an equal-opportunity employer dedicated to building an inclusive and diverse workforce. All employment decisions are based on qualifications, experience, and business needs. We strongly encourage applications from underrepresented communities and diverse ethnic groups to apply.

Please feel free to inform us if you need any accommodations to facilitate your participation in the recruitment process. Any details you share will be used solely to ensure we can support and accommodate your needs appropriately

If you require more information on our HR Data Privacy, please visit here.

Benefits

• Health insurance
• Sponsored and tailored training
• Paid parental Leave
• Paid time-off
• Flexible work style
• Annual performance bonus
• Low-interest loans
• Employee assisted programs
• Day off on your birthday 🎂 🎁 🎉
• Employee resource groups that provide supportive communities within Kora
• Great company culture and the opportunity to work with a highly collaborative team building something great!

Note: We recognize imposter syndrome is real - any candidate who does not perfectly fit every characteristic of this role is still strongly encouraged to apply.