Application Security Engineer

Kora

Description
Kora is a payment infrastructure. We offer plug-and-play payment solutions for businesses to launch a tailored payment experience to their customers.
Our vision, which is at the core of what we do every day, is to create a future void of digital financial barriers. We are committed to delivering reliable, secure, and easy-to-use digital financial solutions to every single customer with a guarantee that it is improving their lives.
We strongly believe in our ability to find water in the desert and pick the sands in the ocean.
We value positive energy, and clear communication and are committed to building an inclusive environment for people from every background.
About The Role
As an Application Security Engineer at Kora, you will work with the Application Security team to define and execute the security strategy of our products
You will ensure that security is embedded in how we build our products from design and development to testing to how we run them and partner with Product and Engineering teams to strategically guard against existing or emerging threats.
This position is responsible for cultivating a culture of security awareness across the Engineering & Product teams.
The ideal candidate has deep technical security knowledge and expertise and will help define and implement robust security architecture strategies, frameworks, and governance processes.
Here are a couple of things you'll be doing:
Upholding code reviews across all code platforms.
Take charge of bug intake and remediation processes for the organization.
Provide leadership for application vulnerability scanning and penetration testing remediation.
Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools.
Discover Security exposures and mitigation plans, and report and fix the technical glitches.
Administering and carrying out configuration optimization on Web Application Firewalls.
Actively participate in security initiatives with minimum supervision.
Be the subject matter expert for application security solutions.
Provide guidance for junior-level security engineers.
Work closely with cross-functional teams (Engineering, DevOps, and Product) while carrying out daily tasks.
Responds to computer security incidents according, leverages subject matter expertise where established processes do not exist.
Acts as a subject matter expert regarding CSIRT incident response processes.
Identify and manage potential and actual operational issues within the incident detection/response domain and take corrective action.
Contribute to requirement gathering with the product team in the area of application security.
Work together with cross-business units on executing standardized security solutions and integrations.
Assist in the development of automated security testing to validate that secure coding best practices are being used.
Conduct regular security assessments and report on findings.
Work as a red team member, driving an offensive security approach to improving the security posture of the organization.
Other duties as assigned by the CISO.
Requirements
Here's what are we looking for:
Minimum of 3 years’ experience as an Application Security Engineer.
Minimum of Bachelor’s degree in Computer Science or Information Security, or in a related technical field.
Someone who has a thorough understanding of attacks and threats.
Strong understanding of cybersecurity concepts and principles.
Strong understanding of System Architecture, both On-prem and Cloud.
Strong software design and implementation know-how, strong familiarity with web protocols, a thorough knowledge of Linux/Unix tools and architecture, and being well-versed in application security and infrastructure security.
Experience of performing cyber assessments on systems (including Cloud assessments)
Experience of Threat Modelling and Impact/Likelihood assessments is a must
Understanding of emerging technologies and corresponding cybersecurity threats
Problem-solving and analytical skills.
Someone who follows security best practices when performing tasks
Self-motivated individual who is adaptive to change.
Should possess good communication skills to explain complex security topics in simple language and easy to understand concepts.
Experience in risk identification, secure software design, secure architectures, secure testing, or vulnerability detection and remediation
Experience in service-oriented architecture and web services security
Understanding of OWASP 10.
SANS, GIAC, CISSP, CISM, CISA, CEH and any other security certification is desirable.
An engineer who is wholeheartedly about automating checks and tests.
Finally, you live and breathe security, you have bags of energy, obsess about security & trust and you are passionate and breathe security!
Benefits
Health Insurance
Stock Options
Sponsored and Tailored training
Paid Parental Leave
Paid Time Off
Flexible Work Style
Internet Contribution
Annual Performance Bonus
Interest-free Loans
Employee Assisted Programs
Day off on your Birthday :)
Great company culture and the opportunity to work with a highly collaborative team building something great!
#LI-Remote

Job overview

  • Job's title: Application Security Engineer
  • Publication date : 2023-05-24 May be expired
Apply for this job

Apply for this job