4 Sans 25 Jobs

About Verto At Verto, we&aposre on a mission to democratise global finance and empower businesses in Emerging Markets to reach the world. Founded by British-Nigerian entrepreneurs Ola Oyetayo and Anthony Oduu, our roots in Africa provided a first-hand understanding of the significant challenges businesses face with cross-border payments, from illiquid currencies and high fees to slow transactions. This deep-rooted insight is why Africa remains a core focus, as we&aposre committed to bridging the gap between emerging and developed markets and fostering global economic growth. What started as an FX solution for the Nigerian Naira has evolved into a market-leading platform, enabling thousands of businesses to seamlessly transfer billions of dollars annually. We believe that where you do business shouldnt determine your success or ability to scale. We&aposre creating equal access to the easy payment and liquidity solutions that are already a given in developed markets. We&aposre not alone in realising this crucial need; we&aposre backed by world-class investors including Y-Combinator, Quona, and MEVP. Our impact has been recognised with accolades such as &aposFintech Start-Up of the Year' and the Milken-Motsepe Prize, a testament to our role in powering payments for some of the world&aposs most disruptive startups. Join us as we continue to grow and transform global finance. Role Overview This role is critical for fortifying Verto&aposs application security by focusing on penetration testing across Web, API, and Mobile platforms , while also embedding security automation directly into our development processes. You will significantly reduce vulnerabilities and champion a security-first culture, ensuring our products are robust and trustworthy. About The Role Were seeking a skilled DevSecOps Engineer who is passionate about security testing and securing modern applications. What Youll Be Doing Conduct in-depth penetration testing for Web, API, and Mobile (iOS & Android) applications. Perform secure code reviews and provide actionable remediation guidance, especially for Node.js. Automate security testing and integrate tools into CI/CD pipelines. Writing scripts for automating mundane security tasks. Develop and implement security best practices (OWASP Top 10, SANS 25). Monitor and strengthen AWS cloud security configurations, including AWS auditing and AWS penetration testing . Collaborate with development teams for early-stage threat modeling and risk assessments. Create and maintain security playbooks for incident response. Stay ahead of emerging threats and introduce new security methodologies. What You Need Proven experience in penetration testing for Web, API, and Mobile (iOS & Android) applications. Strong expertise in security testing tools (e.g., Burp Suite, OWASP ZAP, Python scripting). Proficiency in scripting languages such as Python or other relevant languages (e.g., PowerShell, Bash) Hands-on experience in secure code reviews and remediation guidance. Solid understanding of OWASP Top 10, SANS 25, and other security frameworks. Experience integrating security tools into CI/CD pipelines. Cloud security expertise, particularly in AWS (IAM, security monitoring, infrastructure security). Cloud security expertise, particularly in AWS (IAM, security monitoring, infrastructure security, including AWS auditing and AWS penetration testing capabilities) Familiarity with Agile and DevOps methodologies with a security-first mindset. Best If You Have Experience with Node.js applications for code reviews and remediation. Relevant certifications (e.g., OSCP, CISSP, CEH, AWS Security Specialty, Certified DevSecOps Engineer). Experience working in a fast-paced startup environment. Experience working in a DevOps environment - Product Team. Experience with Infrastructure as Code (IaC) tools (Terraform, Ansible) Experience with specific industry domains (e.g., Fintech, Logistics, E-commerce) where robust application security is critical. Culture at Verto Were a community of folks who care about their craft, collaborate with purpose, and enjoy the journey together General Perks Health & Life insurance, flexible work schedules, generous leave policy Additional Perks Gym membership, free lunch, car lease policy and a professional development budget Youll Fit Right In If You Love asking why Value solving problems over just completing tasks Understand sync vs. async communication practices Thrive in ambiguity and change Actively seek feedback Prioritise impact over activity Are fun to work with - we love good humour! About The Interview Process It will have (in no strict order) a chat with the talent team, an online assessment round, and 2 (technical + culture) interviews rounds. Show more Show less

Key Responsibilities: Hands on knowledge of Security testing methodologies like OWASP Top 10 SANS 25 etc Ability to perform automated and manual hands on penetration security testing e g DAST SAST and SCA identifying security risks within applications cloud infrastructure security controls and Network systems Experience with penetration testing tools e g Burp Extensive knowledge of attack payloads for discovering security vulnerabilities Plan execute and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web Thin and Thick Client Mobile and APIs Should have good and effective communication skills in English Oral and written Technical Requirements: The successful candidate must be highly motivated fast learner flexible willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements Exposure to scripting languages e g Shell Knowledge on DevSecOps Preferred Skills: Technology->Security Testing->Security Testing - ALL

Role & responsibilities Security Integration Across SDLC: Collaborate closely with development teams throughout the SDLC to embed security best practices from design through deployment. Application Penetration Testing: Perform hands-on penetration testing of web, mobile, and API-based applications. Partner with developers to ensure effective and timely remediation of vulnerabilities. Senior Security Analyst Security Scanning & Analysis: Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using industry-standard tools. Analyze and interpret results to support developers in remediation efforts. Code Reviews & Secure Coding: Participate in code reviews to identify insecure coding patterns and provide actionable feedback aligned with secure coding standards. Threat Modeling & Design Reviews: Facilitate security design reviews and threat modeling exercises to identify potential risks early in the development pro Preferred candidate profile We are seeking a highly skilled and proactive Senior Security Analyst to join our Application Security team. This role is critical in embedding security across the Software Development Life Cycle (SDLC) and ensuring the security of our applications through expert-level testing, review, and collaboration with development teams. The ideal candidate will possess a strong technical background in application security, excellent communication skills, and hands-on experience in penetration testing and secure coding practices.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.