Junior Security Engineer

We're looking for a keen junior security engineer who's independent, excited about getting things done, and ready to hit the ground running. You'll primarily be responsible for helping us monitor, tweak, and write new alerts. Secondary responsibilities will include helping product teams patch security holes, or working on smaller projects with the senior Engineers. Our customers trust us with their money, and you'll be at the forefront of making sure we retain that trust!

The role is ideal for a security professional who enjoys writing code and is interested in hands-on programming as part of their day-to-day work, or for a junior SWE who recently transitioned into security engineering.

Our to-do list changes constantly, but here are some recent projects and activities:

• Centralise application-level login and permissions enforcement
• Configure and utilise external SIEM solutions to monitor our infrastructure
• Help us increase our posture around secret management
• Security review of our public-facing APIs
• Partner with teams across Wave to define secure guardrails, supporting investigations and incident response
• Work with our IT Team to fix any non-conformities found during audits by central banks and ISO certification

Our stack (prior experience is a strong plus, but not required):

• backend: Python 3 (+ mypy)
• API layer: GraphQL
• android frontend: Kotlin/Jetpack
• iOS frontend: Swift/SwiftUI
• web frontend: TypeScript/React
• database: Postgres/CockroachDB
• infrastructure: GCP/Terraform
• orchestration: Kubernetes, We move as fast as possible. Speed matters. It lets us try things quickly, get feedback early, and course-correct while it's cheap. So we write small PRs. We aim for MVPs. We leave TODOs and file follow-ups. We don't over-perfect v1. That said, we're building a financial product. Some things-like money movement, correctness, or security-deserve more caution.

• Minimum of 3 years of professional experience with a minimum of 2 years of it spent in a security-related role.

• Strong Experience with Python.

• Fluent English.

• Are excited about finding the right balance between security and velocity.

• Push through hard problems without giving up.

• Have experience remediating non-conformities.

• Are excited to work on lots of different security-related work, from audits to code refactors.

• Work to make things easier for the next engineer who will touch your code.

• Always try to improve as a programmer and colleague.

• Are interested in penetration testing or have experience in the field already.

• This is a fully remote role. Candidates must be based in one of our talent hub countries (UK, Spain, Kenya and Ghana) or in one of our operating markets in Africa including Senegal, Côte d'Ivoire, or Burkina Faso.
• Wave provides a yearly $1,200 stipend to support coworking meetups with teammates.
• Remote team members are expected to travel to our operational markets (e.g. Senegal or Côte d'Ivoire) at least once a year. Exceptions apply, but we've found this key to understanding our users and product.
• We run performance reviews twice a year and award bonuses or promotions to strong performers who have been with the company for more than six months.
• Our salaries are competitive and are calculated using a transparent formula. For this role, depending on your level and location, we offer a salary of up to $95,100 USD, plus a generous equity package.
• Major benefits:

• Subsidized health insurance for you and your dependents and retirement contributions (both vary from country to country).
• 6 months of fully paid parental leave and subsidized fertility assistance.
• Flexible vacation, with most folks taking between 21-30 days exclusive of statutory holidays.
• $10,000 annual charitable donation matching.

Wave, is now the largest financial institution in Senegal, with over 7 million users. And, we're still in the early days of our product roadmap and potential impact on people's everyday lives.