Senior Application Security Engineer at Moniepoint Inc.

About the role

• We are seeking a passionate Application Security Engineer to drive security across our services and development pipelines.
• In this role, you’ll champion security best practices, embed application security into the product lifecycles, and empower engineering teams to build and release safe products.

Key Responsibilities

• Act as a Security Champion across product teams, influencing design and engineering decisions to prioritize security from the outset.
• Design solutions that are Secure by Design, integrating threat modeling and security requirements into feature architecture and design reviews.
• Promote and enforce Secure Coding standards through CI/CD automation, peer reviews, and development training to reduce vulnerabilities at the source.
• Lead Vulnerability Management & Remediation, overseeing identification, risk-based triage, and tracking of remediation efforts for security issues.
• Develop and maintain standard security packages (e.g., secure configuration baselines, code templates, CI/CD security integrations) for consistent use across engineering teams.
• Conduct and support Penetration Testing, both hands-on and automated to uncover vulnerabilities throughout environments, platforms, and release cycles.
• Enable continuous improvement through Collaboration & Enablement, delivering security knowledge transfer, best practices, and feedback loops across teams.

Requirements

• 5+ years of hands-on experience in application security (AppSec), DevSecOps, or similar roles.
• Software engineer with a keen interest in Security.
• At least 2 years of experience working in an engineering team a plus
• Deep understanding of secure software development lifecycle (SDLC) and first-principles of secure-by-design engineering.
• Skilled in security scanning tools (e.g., SAST, DAST, SCA), incident and remediation workflows, and security automation.
• Proficiency in reading and writing code for Java/Python/JavaScript and cloud platforms (AWS/Azure/GCP)
• Proven experience with pentesting or red-team engagements, identifying and exploiting application-level vulnerabilities.
• Excellent communication skills, you're able to translate technical risks into actionable steps and help engineers incorporate security improvements.
• Comfortable building trust as a security mentor and champion, raising security maturity across teams with patience and influence.
• Contributions to security tooling/open-source projects.
• OSCP, OSCE, GXPN, or similar offensive security certifications a plus
• Experience with container sec.