Senior Application Security Engineer at Conclase Consulting

Role Description

• The Senior Application Security Engineer will be responsible for designing, implementing, and maintaining robust application security controls across Conclase’s products and client solutions. This full-time, on-site role based in Lagos will work closely with engineering, DevOps, and product teams to embed secure-by-design principles throughout the software development lifecycle (SDLC). Daily responsibilities include performing threat modeling, secure code reviews, security testing
• and application vulnerability assessments, as well as coordinating remediation efforts with development teams. The person in this role will define and maintain application security standards, guidelines, and best practices, and help automate security testing within CI/CD pipelines. Additional tasks include investigating security incidents, mentoring engineers on secure coding practices, collaborating with stakeholders to meet compliance requirements, and contributing to security architecture decisions for new and existing systems.

Qualifications

• Strong experience with application security fundamentals, including secure software design, threat modeling, and common vulnerabilities (e.g., OWASP Top 10).
• Proficiency in secure coding practices in one or more languages used in modern web or mobile applications (such as Java, C#, JavaScript/TypeScript, Python, or similar).
• Hands-on experience with application security testing tools, such as SAST, DAST, SCA, and interactive application security testing, and the ability to interpret and prioritize their findings.
• Experience embedding security into CI/CD pipelines and collaborating closely with DevOps and engineering teams on automation and continuous security testing.
• Knowledge of security testing and code review is a must.
• Ability to test fixes that have been done on applications and provide status update.
• Banking or fintech experience is a must.
• minimum of 5 years experience.
• Familiarity with cloud security concepts and platforms (such as AWS, Azure, or GCP), including identity and access management, secrets management, and secure configuration.
• Knowledge of relevant security frameworks and standards (for example, OWASP SAMM, NIST, ISO 27001, or PCI DSS) and how they apply to application security programs.
• Demonstrated ability to lead security initiatives, influence technical decisions, and mentor other engineers and stakeholders on security best practices.
• Strong analytical and problem-solving skills, with the ability to communicate complex security topics clearly to both technical and non-technical