Senior Application Security Engineer at Chipper Cash

Chipper Cash is the largest mobile cross-border money transfer platform in Africa. We are a passionate team, dedicated to expanding financial inclusion in some of the global regions most in need of accessible, interoperable, easy-to-use, and affordable financial services.

• We are a small team. You will be encouraged to engage in high-level technical decision making, and there will be a lot of room for growth for early hires as the company continues to expand.
• The Chipper team is truly global on a daily basis, you might be interacting with team members in San Francisco, Los Angeles, New York City, London, Accra, Lagos, and Nairobi
• You will not be micromanaged. We have an engineering team culture centered on open-communication, honest feedback, and personal responsibility.

About Our Tech Stack

• Node.js + Typescript service-based architecture
• React Native Android/iOS application
• PostgreSQL application databases
• RabbitMQ for inter-server communication
• Server hosting on Heroku and Google Cloud Platform
• Fully automated CI/CD using Heroku CI and Github
• Application monitoring with Datadog, Logz.io, and Amplitude
• Snowflake for data warehousing and analysis
• Python for in-depth data analysis, transformation, and reporting

What You Will Work On

Security engineering at Chipper spans the full-stack – this role involves gaining an understanding of the technical architecture of the Chipper Platform, continuously examining different attack surfaces, and proactively identifying and implementing security-hardening measures.

Security engineering at Chipper is also a heavily collaborative role. Security is a principle that permeates everything that we work on, and the security engineering team works with a wide variety of other teams in order to spread understanding of potential vulnerabilities and to instill a security-focused mindset within everything we do.

Some examples of responsibilities include:

• Actively participating in project planning, code reviews, and spec reviews, to assist in hardening the design and implementation of a wide variety of projects
• Collaborating with the the data intelligence team to identify new queries, analysis pipelines, ML models, and alerts to be built in order to detect security-relevant activity
• Working with the DevOps team to verify full firewall coverage, and managing internal key storage and access controls
• Integrating with new security software vendors and managing current security-related software integrations
• Orchestrating penetration tests and other security-related accreditations with external firms
• Working with different product teams to harden various 3rd-party API integrations with enhanced connection verification and scheduled credential rotations
• Brainstorming with the design team to create user-facing systems that are secure and easy to use

What You Should Have

The role isn\’t very focused on being an expert on any specific security domain (such as in a specific language or framework or layer of the application stack) – the most important skills are:

• Having an inquisitive, curious, and investigative mindset – thriving at independently reviewing designs and codebases and seeking out potential vulnerabilities
• Broad full-stack technical ability – being able to quickly gain familiarity with different technologies in-use throughout the team in order to competently understand the code and system designs

Great To Have

• Past experience in a role with significant security engineering responsibilities
• Past experience with fintech and early-stage startups
• Leadership interest and/or experience
• Familiarity with our tech stack – Node.js, Typescript, Python, React Native, RabbitMQ, PostgreSQL, Snowflake
• Familiarity with our tool stack – ELK, Datadog, Cloudflare, Heroku, AWS, GCP, Retool