Application Security Engineer

Title: Application Security Engineer

Location: Ghana; Kenya; Spain; United Kingdom United States

Job Description:

How you'll help us achieve it

Wave is now the largest financial institution in Senegal, with over 7 million users. And, we're still in the early days of our product roadmap and potential impact on people's everyday lives.

We're looking for an experienced security engineer who's independent, excited about getting things done, and ready to hit the ground running. You'll primarily be responsible for our application security, working with our product teams to work on new systems to enhance our security posture. Our customers trust us with their money, and you'll be at the forefront of making sure we retain that trust!

This broadly scoped role will allow you to get your hands on many different types of security projects, from direct application security to helping our infrastructure team think about security for our databases.

Some experience with common industry certifications like ISO-27001 and PCI-DSS would be beneficial, although you won't be expected to run or oversee audits.

Our to-do list changes constantly, but here are some recent projects and activities:

• Centralise application-level login and permissions enforcement
• Configure and utilise external SIEM solutions to monitor our infrastructure
• Help us increase our posture around secret management
• Security review of our public-facing APIs
• Partner with teams across Wave to define secure guardrails, supporting investigations and incident response
• Work with our IT Team to fix any non-conformities found during audits by central banks and ISO certification

Our stack (prior experience is a strong plus, but not required):

• backend: Python 3 (+ mypy)
• API layer: GraphQL
• android frontend: Kotlin/Jetpack
• iOS frontend: Swift/SwiftUI
• web frontend: TypeScript/React
• database: Postgres/CockroachDB
• infrastructure: GCP/Terraform
• orchestration: Kubernetes

Key Details

• This is a fully remote role. Candidates must be based in one of our talent hub countries (UK, Spain, Kenya and Ghana) or in one of our operating markets in Africa including Senegal, Côte d'Ivoire, or Burkina Faso.
• Wave provides a yearly $1,200 stipend to support coworking meetups with teammates.
• Remote team members are expected to travel to our operational markets (e.g. Senegal or Côte d'Ivoire) at least once a year. Exceptions apply, but we've found this key to understanding our users and product.
• We run performance reviews twice a year and award bonuses or promotions to strong performers who have been with the company for more than six months.
• Our salaries are competitive and are calculated using a transparent formula. For this role, depending on your level and location, we offer a salary of up to $152,100 USD, plus a generous equity package.
• Major benefits:
• Subsidized health insurance for you and your dependents and retirement contributions (both vary from country to country).
• 6 months of fully paid parental leave and subsidized fertility assistance.
• Flexible vacation, with most folks taking between 21-30 days exclusive of statutory holidays.
• $10,000 annual charitable donation matching.

Requirements

• Minimum of 5 years of professional experience with a minimum of 2 years of it spent in a security-related role.
• Strong Experience with Python.
• Fluent English.

You might be a good fit if you

• Are excited about finding the right balance between security and velocity.
• Push through hard problems without giving up.
• Have experience remediating non-conformities.
• Enjoy helping other engineers understand and implement secure patterns.
• Are not afraid to take on complicated systems.
• Are excited to work on lots of different security-related work, from audits to code refactors.
• Work to make things easier for the next engineer who will touch your code.
• Always try to improve as a programmer and colleague.
• Are interested in security-focused source code review and penetration testing.
• Have an interest in growing and mentoring a team.

About engineering at Wave

We care about the big picture. We don't hire engineers to just ship tickets. We hire them to solve problems. That means caring deeply about outcomes, understanding context, and jumping in wherever something's broken, even if it's technically "not your area." When we see problems, inefficiencies, or opportunities to make something better, we act. We dig into operational issues, clarify fuzzy product specs, or step into unfamiliar code to help unblock teammates.

We move as fast as possible. Speed matters. It lets us try things quickly, get feedback early, and course-correct while it's cheap. So we write small PRs. We aim for MVPs. We leave TODOs and file follow-ups. We don't over-perfect v1. That said, we're building a financial product. Some things-like money movement, correctness, or security-deserve more caution.

We like boring technology. We favor tools that are reliable, well-understood, and easy to debug. This keeps us focused on solving meaningful problems instead of wrestling with unpredictable infrastructure. If a new technology helps us move faster, build safer, or solve a real need, we'll consider it. But we don't adopt tools just because they're new-we adopt them because they're right.

Simplicity is a strategy. It lets us focus our energy where it matters most: serving our users.

#LI-DH1 #LI-REMOTE