Senior Application Security Engineer

Paystack’s mission is to accelerate digital payments on the continent of Africa. Over 200K of some of the most renowned businesses in Nigeria, as well as a growing number of merchants in South Africa, Ghana, and Kenya use Paystack’s modern payments gateway. They include the likes of Qatar Airways, MTN, Burger King, UPS, AXA Mansard Insurance, FilmHouse Cinemas, Smile Communications, Air Peace Airlines, Crocs, Under Armour, Richemont Lifestyle Group (RLG), and many others.

In just over 10 years, our growing team has introduced a steady cadence of innovation within the online payments landscape, such as automated recurring payments, the ability for customers to pay directly from their bank accounts, automated chargebacks, and much more. We’ve been acquired by Stripe and are doubling down on the mission to help build out Africa’s payments infrastructure.

Paystack builds technology to help Africa’s best businesses grow - from new startups, to market leaders launching new business models. We make it easy for businesses to accept secure payments from multiple local and global payment channels, and then we provide tools to help you retain existing customers, and acquire new ones.

We're looking for a Senior Application Security Engineer to join our Information Security Team. This is your chance to play a critical role in securing Paystack's rapidly growing fintech platform and ensuring that our customers' trust remains unwavering.

You'll work closely with our Engineering, DevOps, and Product teams to safeguard our applications from design to deployment. From penetration testing and vulnerability management to building a culture of secure development, you'll be the expert who ensures security is embedded into everything we build.

If you're passionate about protecting systems, love a technical challenge, and thrive in a fast-paced, collaborative environment — this role was made for you.

As an Application Security Engineer/Analyst, you will be a key contributor to our security posture, working closely with engineering and product teams. Your responsibilities will include:

• →Application Security Testing: Conduct web and mobile application security assessments and API security testing. Perform threat modelling, secure code reviews, and attack surface analysis. Support SAST and DAST initiatives.
• →Vulnerability Management: Assist in managing the vulnerability lifecycle. Coordinate internal and external security assessments, ensuring proper scoping and timely delivery. Track and report on remediation progress.
• →Secure Development Lifecycle (SDLC) Integration: Ensure secure coding practices are followed. Collaborate with developers, testers, and business analysts to provide proactive security guidance during development sprints. Contribute to security frameworks, checklists, and guidelines (aligned with OWASP, NIST, MITRE). Work on DevSecOps testing and protective controls.
• →Incident Response Support: Assist in the investigation and resolution of application security incidents. Contribute to post-incident analysis and implement preventative measures.
• →Continuous Improvement & Innovation: Stay informed about cybersecurity trends, emerging threats, and attack vectors. Research and contribute to the implementation of innovative security solutions. Identify process improvements to enhance the efficiency and effectiveness of security assessments.

• Minimum 3 years in application security, IT security, or software development with a security focus
• Hands-on experience with penetration testing, vulnerability assessments, and secure code reviews
• Proven experience with SAST, DAST, and threat modelling frameworks
• Practical knowledge of secure software development practices (OWASP Top 10, CWE)
• Hands-on development experience or scripting ability (Python, JavaScript, Bash)
• Strong understanding of web application security, API security, and cloud security concepts (AWS, Azure, or GCP)
• Understanding of DevSecOps principles and CI/CD security integration
• Excellent communication skills with ability to explain complex security concepts to technical and non-technical audiences
• Collaborative mindset with ability to work cross-functionally

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, Software Engineering, or a related technical field
• Relevant coursework or self-study in application security, cryptography, or secure software development

• Prior experience working in a development or DevSecOps environment
• Understanding of fintech compliance frameworks (PCI DSS, ISO 27001, SOC 2, GDPR, NDPR)
• Experience with mobile application security testing (iOS, Android)
• Knowledge of MITRE ATT&CK framework or other threat intelligence frameworks
• Participation in bug bounty programs or CTF competitions

• OSCP (Offensive Security Certified Professional)
• CEH (Certified Ethical Hacker)
• CISSP (Certified Information Systems Security Professional)