SECURITY ENGINEER AT COWRYWISE FINANCIAL TECHNOLOGY LIMITED | ENGINEERING JOBS IN LAGOS

About Company:

Cowrywise Financial Technology Limited is a digital wealth management platform democratizing access to savings and investment products for the underserved but growing Millenials in Africa. Joining us would mean being part of an interdisciplinary team dedicated to a lofty vision of building the next-generation wealth management platform for Africans.

Job Description:

We are seeking a versatile Generalist Security Engineer to join our team. This is a high-impact, "security athlete" role for a professional who thrives on variety. You will move seamlessly between writing risk assessments, conducting penetration tests, performing deep-dive code reviews, and preparing for compliance audits. You will work directly with our engineering, product, risk, and legal teams to protect our platform and our customers' financial assets.

Requirements:

• Application Security (AppSec): Perform security code reviews and penetration testing on web, mobile, and API platforms. Manage the full vulnerability lifecycle (discovery, triage, and remediation) and implement SAST/DAST/SCA tooling in CI/CD pipelines.

• Secure Development: Champion security practices across engineering, maintain secure coding standards, review sensitive PRs, and conduct practical security awareness training.

• Infrastructure & API Security: Harden REST and third-party API integrations (payment gateways/partners). Review cloud configurations (AWS/GCP) for misconfigurations and perform periodic network assessments.

• Fraud Detection: Build, tune, and maintain internal fraud detection rules and logic. Analyze transaction patterns and behavioral signals to proactively identify anomalies and reduce manual triage.

• Governance, Risk, and Compliance (GRC): Manage security policies, standards, and procedures. Lead audit preparation (ISO 27001, PCI DSS, SOC 2, CBN guidelines), conduct vendor security assessments, and manage the risk register.

• Incident Response: Lead investigation, containment, and root cause analysis (RCA) for security incidents. Triage external bug bounty reports.

Qualifications and Skills:

• Experience: 3+ years in security engineering or InfoSec with exposure across multiple security domains.

• Technical Expertise: Strong foundation in AppSec (OWASP Top 10), vulnerability management, and infrastructure/cloud security.

• Compliance & GRC: Solid understanding of risk assessment, policy drafting, and compliance frameworks (e.g., ISO 27001, PCI DSS).

• Fraud & Trust: Experience in fraud detection, transaction monitoring, or Trust & Safety.

• Communication: Exceptional writing skills; ability to produce both high-level policy documents and technical vulnerability reports.

• Collaboration: Proven ability to work across teams and drive alignment in a fast-paced environment.

Salary

Application Closing Date: Not specified

Application Instructions:

Click the button below to apply