Application Security Engineer

We're looking for an experienced security engineer who's independent, excited about getting things done, and ready to hit the ground running. You'll primarily be responsible for our application security, working with our product teams to work on new systems to enhance our security posture. Our customers trust us with their money, and you'll be at the forefront of making sure we retain that trust!

This broadly scoped role will allow you to get your hands on many different types of security projects, from direct application security to helping our infrastructure team think about security for our databases.

Some experience with common industry certifications like ISO-27001 and PCI-DSS would be beneficial, although you won't be expected to run or oversee audits.

Our to-do list changes constantly, but here are some recent projects and activities:

• Centralise application-level login and permissions enforcement
• Configure and utilise external SIEM solutions to monitor our infrastructure
• Help us increase our posture around secret management
• Security review of our public-facing APIs
• Partner with teams across Wave to define secure guardrails, supporting investigations and incident response
• Work with our IT Team to fix any non-conformities found during audits by central banks and ISO certification

Our stack (prior experience is a strong plus, but not required):

• backend: Python 3 (+ mypy)
• API layer: GraphQL
• android frontend: Kotlin/Jetpack
• iOS frontend: Swift/SwiftUI
• web frontend: TypeScript/React
• database: Postgres/CockroachDB
• infrastructure: GCP/Terraform
• orchestration: Kubernetes, We move as fast as possible. Speed matters. It lets us try things quickly, get feedback early, and course-correct while it's cheap. So we write small PRs. We aim for MVPs. We leave TODOs and file follow-ups. We don't over-perfect v1. That said, we're building a financial product. Some things-like money movement, correctness, or security-deserve more caution.

• Minimum of 5 years of professional experience with a minimum of 2 years of it spent in a security-related role.

• Strong Experience with Python.

• Fluent English.

• Are excited about finding the right balance between security and velocity.

• Push through hard problems without giving up.

• Have experience remediating non-conformities.

• Enjoy helping other engineers understand and implement secure patterns.

• Are not afraid to take on complicated systems.

• Are excited to work on lots of different security-related work, from audits to code refactors.

• Work to make things easier for the next engineer who will touch your code.

• Always try to improve as a programmer and colleague.

• Are interested in security-focused source code review and penetration testing.

• Have an interest in growing and mentoring a team.

• This is a fully remote role. Candidates must be based in one of our talent hub countries (UK, Spain, Kenya and Ghana) or in one of our operating markets in Africa including Senegal, Côte d'Ivoire, or Burkina Faso.
• Wave provides a yearly $1,200 stipend to support coworking meetups with teammates.
• Remote team members are expected to travel to our operational markets (e.g. Senegal or Côte d'Ivoire) at least once a year. Exceptions apply, but we've found this key to understanding our users and product.
• We run performance reviews twice a year and award bonuses or promotions to strong performers who have been with the company for more than six months.
• Our salaries are competitive and are calculated using a transparent formula. For this role, depending on your level and location, we offer a salary of up to $152,100 USD, plus a generous equity package.
• Major benefits:

• Subsidized health insurance for you and your dependents and retirement contributions (both vary from country to country).
• 6 months of fully paid parental leave and subsidized fertility assistance.
• Flexible vacation, with most folks taking between 21-30 days exclusive of statutory holidays.
• $10,000 annual charitable donation matching.

Wave, is now the largest financial institution in Senegal, with over 7 million users. And, we're still in the early days of our product roadmap and potential impact on people's everyday lives.