Application Security Engineer (Pentesting & DevSecOps)
Pune
At Verto, we’re passionate about helping businesses in Emerging Markets reach the world. What first started life as an FX solution for trading Nigerian Naira has now become a market-leading platform, changing the way thousands of businesses transfer money in and out of Emerging Markets.
We believe that where you do business shouldn’t determine how successful you are or your ability to scale. Millions of companies a day have to juggle long settlement periods, high transaction fees, and issues accessing liquidity to trade with African businesses. We’re on a mission to change this by creating equal access to easy payment and liquidity solutions that are already a given in developed markets.
We’re not alone in realising the opportunity and need to solve for emerging markets. We’re backed by world-class investors including Y-Combinator, Quona, and MEVP, power payments for some of the most disruptive start-ups in the world, and have a list of accolades from leading publications including being voted ‘Fintech Start Up of the Year’ at Fintech Awards London 2022.
Each year we process billions of dollars of payments and provide companies with solutions that help them save money, automate processes, and grow, but we’re only just getting started.
We’re seeking a skilled Application Security Engineer (Pentesting & DevSecOps) who is passionate about security testing and securing modern applications. In this role, you will focus on penetration testing for Web, API, and Mobile (iOS & Android) applications while also contributing to security automation within our development and deployment processes.
Your key objectives will include performing security assessments, identifying and remediating vulnerabilities, ensuring secure coding practices, and driving security automation.
Within your first 12 months, you will be expected to:
Conduct regular security testing (penetration testing, vulnerability assessments, and code reviews) and reduce critical and high severity vulnerabilities.
Integrate security testing tools into CI/CD pipelines, ensuring the deployments pass security scans before release.
Provide actionable remediation recommendations, particularly for Node.js applications.
Strengthen AWS cloud security by implementing best practices and monitoring configurations.
Build a security-first mindset across development teams by conducting training and awareness sessions.
In this role, you will:
Perform in-depth penetration testing for Web, API, and Mobile applications (iOS & Android) using tools like Burp Suite, OWASP ZAP, and custom Python scripts.
Conduct secure code reviews, focusing on identifying vulnerabilities and providing remediation guidance, especially for Node.js applications.
Automate security testing within CI/CD pipelines, ensuring continuous security validation in the software development lifecycle.
Develop and implement security best practices, ensuring all teams follow OWASP Top 10, SANS 25, and other security frameworks.
Work closely with development teams to integrate security controls and ensure early-stage threat modeling and risk assessments.
Monitor cloud security configurations, focusing on AWS security best practices, IAM hardening, and secure infrastructure as code.
Create and maintain security playbooks for incident response, reducing breach resolution times through automation and process improvement.
Stay ahead of emerging threats and introduce at least two new security tools or methodologies annually.
You’ll be responsible for:
Performing hands-on security testing, identifying vulnerabilities, and working with developers to remediate them.
Championing security within the development lifecycle and advocating for secure coding practices.
Automating security testing and implementing security gates in CI/CD pipelines.
Strengthening AWS security, ensuring compliance with security frameworks and best practices.
Driving a culture of security awareness across engineering teams.
Skills and Qualifications:
Proven experience in penetration testing for Web, API, and Mobile (iOS & Android) applications.
Strong expertise in security testing tools such as Burp Suite, OWASP ZAP, and Python scripting for custom security automation.
Hands-on experience in secure code reviews and remediation guidance, with Node.js experience being a strong plus.
Solid understanding of OWASP Top 10, SANS 25, and other security frameworks.
Experience integrating security tools into CI/CD pipelines and automating security testing.
Cloud security expertise, particularly in AWS (IAM, security monitoring, least privilege access, infrastructure security).
Familiarity with Agile and DevOps methodologies, with a security-first mindset.
Strong problem-solving and collaboration skills, with the ability to work closely with development teams.
Relevant certifications (e.g., OSCP, CISSP, CEH, AWS Security Specialty, Certified DevSecOps Engineer) are a plus.
If you're passionate about security, love breaking and fixing things, and want to make a meaningful impact in a fast-paced fintech environment, we’d love to hear from you!
Tags: Agile Android APIs Application security Automation AWS Burp Suite CEH CI/CD CISSP Cloud Compliance DevOps DevSecOps FinTech IAM Incident response iOS Monitoring Node.js OSCP OWASP Pentesting Python Risk assessment SANS Scripting SDLC Security assessment Vulnerabilities
Perks/benefits: Career development Startup environment