Purpose of the job:

As an Application Security Engineer at VALR, your primary purpose is to fortify our Java/Kotlin, Node.js, and React Native applications against potential security risks. You will ensure the robustness of our platform and safeguard our users’ sensitive information. You will collaborate closely with developers, product managers, and security operations to embed security measures into every stage of the development lifecycle.

You’ll be the go-to person for all things related to securing our applications. Your role isn’t just about spotting and fixing bugs; it’s about taking a holistic view of our security landscape and refining how we build our software to make it safer. You’ll lead the charge, embedding security into the fabric of our development process and ensuring our team is empowered to build security into our products from the ground up.

While you will lead the application security domain, you’ll also draw on the collective knowledge and effort of the team, blending individual responsibility with shared goals. We’re building a strong security program, and your role in app sec is crucial, requiring a balance of independent action and collaborative spirit. We’re looking for someone who is energised and slightly terrified by the responsibility of securing a growing crypto exchange.

What will you be doing:

The following is an overview of the distinct parts of our application security program. You will be expected to familiarise yourself with our current setup and then thoughtfully adapt and enhance these areas, drawing on your expertise and understanding of our environment.

  • Penetration Testing: Perform detailed security evaluations of applications developed in Java/Kotlin, Node.js, and React Native. This includes static code analysis, dynamic application security testing (DAST), and hands-on penetration testing to uncover vulnerabilities.
  • DevOps and Security Automation: Oversee the automated scanning processes, ensuring they are executed correctly and are continuously improved to meet evolving security needs.
  • Knowledge Sharing: Work closely with the development teams to embed security practices within their workflows, assisting in the timely resolution of security issues.
  • Threat Modeling: Analyse and anticipate potential threats to system security, developing strategies to mitigate these risks effectively.
  • Secure Code Review: Examine and rectify security weaknesses in code while educating developers on best practices in secure coding.
  • Security Integration and Standardization: Tailor and enforce security protocols and standards, aligning them with the specific needs of our development lifecycle.
  • Cybersecurity Awareness: Stay abreast of the latest trends and threats in application security through platforms like Twitter, and refine our security strategies proactively.
  • Continuous Learning and Development: Enhance our security posture by creating new tools, processes, and methods, contributing to the advancement of our overall security framework.
  • Effective Communication: Produce clear and concise output detailing security assessments and recommendations, facilitating understanding and action. This includes keeping internal vulnerability trackers updated and clearly explaining findings to technical audiences.

    What we look for in you

    Hard skills don’t matter as much as passion and willingness to learn. However, as this isn’t a junior position, we are expecting a base level of proficiency in specific skills directly related to the job:

    • At least three (3) years of experience in an Application Security Engineer position or a comparable role, demonstrating a track record of practical security expertise and successful vulnerability management.
    • Proficient in performing penetration testing to identify and rectify vulnerabilities.
    • A solid understanding of web and mobile application security principles and best practices, including knowledge of common threats and methods to mitigate them effectively.
    • Experience configuring and operating automated security tools (SAST, DAST, etc).
    • Humility and pragmatism when dealing with internal teams.

    What can you expect from VALR:

    • Competitive salary: Get paid well to work in an exciting industry.
    • Leave: Compliance with statutory leave required by individual countries, in addition to flexible leave.
    • Remote work: Work from wherever you like. Employees must ensure that there is secure, stable internet connectivity to work effectively remotely.
    • Home office setup: Mac laptop and a discretionary allowance to buy all the extras needed to work happily from home – all of it yours to keep after 3 years. Terms and Conditions will apply.
    • Learning fund: An annual upskilling budget of R16,000 per employee, which will be converted to the respective currency of the employee’s payment, in addition to scheduled VALR training.
    • Performance bonus: When you contribute to VALR’s success, you’ll be rewarded with discretionary bonuses.
    • Regular get-togethers outside of work.
    • Annual company retreats.