Application Security Engineer at Paystack

Role Summary

We're looking for an Application Security Engineer to join our Information Security Team. This is your chance to play a critical role in securing Paystack's rapidly growing fintech platform and ensuring that our customers' trust remains unwavering.

You'll work closely with our Engineering, DevOps, and Product teams to safeguard our applications from design to deployment. From penetration testing and vulnerability management to building a culture of secure development, you'll be the expert who ensures security is embedded into everything we build.

If you're passionate about protecting systems, love a technical challenge, and thrive in a fast-paced, collaborative environment — this role was made for you.

What You'll Do

As an Application Security Engineer/Analyst, you will be a key contributor to our security posture, working closely with engineering and product teams. Your responsibilities will include:

• Application Security Testing: Conduct web and mobile application security assessments and API security testing. Perform threat modelling, secure code reviews, and attack surface analysis. Support SAST and DAST initiatives.
• Vulnerability Management: Assist in managing the vulnerability lifecycle. Coordinate internal and external security assessments, ensuring proper scoping and timely delivery. Track and report on remediation progress.
• Secure Development Lifecycle (SDLC) Integration: Ensure secure coding practices are followed. Collaborate with developers, testers, and business analysts to provide proactive security guidance during development sprints. Contribute to security frameworks, checklists, and guidelines (aligned with OWASP, NIST, MITRE). Work on DevSecOps testing and protective controls.
• Incident Response Support: Assist in the investigation and resolution of application security incidents. Contribute to post-incident analysis and implement preventative measures.
• Continuous Improvement & Innovation: Stay informed about cybersecurity trends, emerging threats, and attack vectors. Research and contribute to the implementation of innovative security solutions. Identify process improvements to enhance the efficiency and effectiveness of security assessments.

What You'll Bring

Required Experience & Skills

• Minimum 3 years in application security, IT security, or software development with a security focus
• Hands-on experience with penetration testing, vulnerability assessments, and secure code reviews
• Proven experience with SAST, DAST, and threat modelling frameworks
• Practical knowledge of secure software development practices (OWASP Top 10, CWE)
• Hands-on development experience or scripting ability (Python, JavaScript, Bash)
• Strong understanding of web application security, API security, and cloud security concepts (AWS, Azure, or GCP)
• Understanding of DevSecOps principles and CI/CD security integration
• Excellent communication skills with ability to explain complex security concepts to technical and non-technical audiences
• Collaborative mindset with ability to work cross-functionally

Preferred Qualifications

Education

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, Software Engineering, or a related technical field
• Relevant coursework or self-study in application security, cryptography, or secure software development

Additional Experience

• Prior experience working in a development or DevSecOps environment
• Understanding of fintech compliance frameworks (PCI DSS, ISO 27001, SOC 2, GDPR, NDPR)
• Experience with mobile application security testing (iOS, Android)
• Knowledge of MITRE ATT&CK framework or other threat intelligence frameworks
• Participation in bug bounty programs or CTF competitions