Application Security Engineer

About Verto

At Verto, we're on a mission to democratise global finance and empower businesses in Emerging Markets to reach the world. Founded by British-Nigerian entrepreneurs Ola Oyetayo and Anthony Oduu, our roots in Africa provided a first-hand understanding of the significant challenges businesses face with cross-border payments, from illiquid currencies and high fees to slow transactions. This deep-rooted insight is why Africa remains a core focus, as we're committed to bridging the gap between emerging and developed markets and fostering global economic growth.

What started as an FX solution for the Nigerian Naira has evolved into a market-leading platform, enabling thousands of businesses to seamlessly transfer billions of dollars annually. We believe that where you do business shouldn't determine your success or ability to scale. We're creating equal access to the easy payment and liquidity solutions that are already a given in developed markets.

We're not alone in realising this crucial need; we're backed by world-class investors including Y-Combinator, Quona, and MEVP. Our impact has been recognised with accolades such as 'Fintech Start-Up of the Year' and the Milken-Motsepe Prize, a testament to our role in powering payments for some of the world's most disruptive startups. Join us as we continue to grow and transform global finance.

Role Overview

This role is critical for fortifying Verto's application security by focusing on penetration testing across Web, API, and Mobile platforms, while also embedding security automation directly into our development processes. You will significantly reduce vulnerabilities and champion a security-first culture, ensuring our products are robust and trustworthy.

About the Role

We're seeking a skilled DevSecOps Engineer who is passionate about security testing and securing modern applications.

What You'll Be Doing

• Conduct in-depth penetration testing for Web, API, and Mobile (iOS & Android) applications.

• Perform secure code reviews and provide actionable remediation guidance, especially for

• Automate security testing and integrate tools into CI/CD pipelines.

• Writing scripts for automating mundane security tasks.

• Develop and implement security best practices (OWASP Top 10, SANS 25).

• Monitor and strengthen AWS cloud security configurations, including AWS auditing and AWS penetration testing .

• Collaborate with development teams for early-stage threat modeling and risk assessments.

• Create and maintain security playbooks for incident response.

• Stay ahead of emerging threats and introduce new security methodologies.

What You Need

• Proven experience in penetration testing for Web, API, and Mobile (iOS & Android) applications.

• Strong expertise in security testing tools (e.g., Burp Suite, OWASP ZAP, Python scripting).

• Proficiency in scripting languages such as Python or other relevant languages (e.g., PowerShell, Bash)

• Hands-on experience in secure code reviews and remediation guidance.

• Solid understanding of OWASP Top 10, SANS 25, and other security frameworks.

• Experience integrating security tools into CI/CD pipelines.

• Cloud security expertise, particularly in AWS (IAM, security monitoring, infrastructure security).

• Cloud security expertise, particularly in AWS (IAM, security monitoring, infrastructure security, including AWS auditing and AWS penetration testing capabilities)

• Familiarity with Agile and DevOps methodologies with a security-first mindset.

Best If You Have

• Experience with applications for code reviews and remediation.

• Relevant certifications (e.g., OSCP, CISSP, CEH, AWS Security Specialty, Certified DevSecOps Engineer).

• Experience working in a fast-paced startup environment.

• Experience working in a DevOps environment - Product Team.

• Experience with Infrastructure as Code (IaC) tools (Terraform, Ansible)

• Experience with specific industry domains (e.g., Fintech, Logistics, E-commerce) where robust application security is critical.

Culture at Verto

We're a community of folks who care about their craft, collaborate with purpose, and enjoy the journey together

General Perks

• Health & Life insurance, flexible work schedules, generous leave policy

Additional Perks

• Gym membership, free lunch, car lease policy and a professional development budget

You'll Fit Right In If You

• Love asking "why?"

• Value solving problems over just completing tasks

• Understand sync vs. async communication practices

• Thrive in ambiguity and change

• Actively seek feedback

• Prioritise impact over activity

• Are fun to work with - we love good humour

About the Interview Process

It will have (in no strict order) a chat with the talent team, an online assessment round, and 2 (technical culture) interviews rounds.

---