Senior Application Security Engineer at Moniepoint Inc.

Job Summary

• As a Senior Security Engineer, you will champion secure innovation by embedding security into the fabric of our software development lifecycle.
• You'll partner closely with engineering teams to safeguard customer trust while they build cutting-edge services.
• Your expertise will directly shape secure design through threat modeling and code review, drive efficiency via security automation, and mentor developers to elevate our collective security posture.
• The ideal candidate is a technical leader who blends deep security expertise with exceptional influence.
• You possess broad security knowledge anchored by specialization in critical areas, and excel at translating complex risks into actionable insights for both engineers and executives.
• Your strength lies in harmonizing diverse perspectives, strategically prioritizing risks, and guiding partners to implement resilient, secure solutions that balance speed and safety.

Key Responsibilities
Security Strategy & Leadership:

• Define and execute security strategy for product teams, aligning with business objectives.
• Lead threat modeling, security architecture reviews, and design guidance for diverse software projects.
• Mentor engineers technically and professionally, fostering a culture of security excellence.

Advanced Technical Execution:

• Conduct adversarial security analysis using automated tools and manual techniques (e.g., custom exploit development).
• Perform manual/automated secure code reviews across Java, Python, JavaScript, and cloud-native stacks.
• Develop security automation tools to scale vulnerability detection (SAST/DAST/IAST enhancements).

Risk Mitigation & Innovation:

• Identify complex risks through offensive security research; advocate for cutting-edge mitigation technologies.
• Solve novel security problems lacking predefined solutions (e.g., zero-day vulnerabilities, emergent attack vectors).
• Maintain and evolve threat models for critical applications and microservices architectures.

Collaboration & Enablement:

• Partner with the engineering team to embed security controls into CI/CD pipelines and development practices.
• Design/deliver security training programs tailored to development teams and business stakeholders.
• Lead incident response for application security events and drive root-cause analysis.

Qualifications
Required

• 5+ years in application security, including 2+ years in a senior / lead role.
• Expertise in threat modeling (e.g., STRIDE, PASTA), penetration testing, and secure SDLC implementation.Proficiency in code review for Java/Python/JavaScript and cloud platforms (AWS/Azure/GCP).
• Hands-on experience building security tools (e.g., scanners, CI plugins) with Python/Go.
• Proven track record in security architecture design and risk-based decision-making.

Preferred:

• OSCP, OSCE, GXPN, or similar offensive security certifications.
• Contributions to security tooling/open-source projects.
• Experience with container security (Kubernetes, Docker), serverless, or infrastructure-as-code.

Skills:

• Leadership: Ability to define team strategy, mentor engineers, and influence stakeholders.
• Innovation: Aptitude for researching/implementing novel solutions to ambiguous security challenges.
• Technical Depth: Mastery of application security frameworks (OWASP, NIST) and exploit techniques.
• Communication: Translate technical risks to business impact for executives and engineers alike.
• Execution: Drive implementation of security controls.