
Moniepoint · Remote
WHO WE ARE Moniepoint Inc. is Africa’s all-in-one financial platform, helping 20 million businesses and individuals access seamless payments, banking, credit, ...
Moniepoint Inc. is Africa’s all-in-one financial platform, helping 20 million businesses and individuals access seamless payments,
banking, credit, cross-border, and business management tools each month.
As Nigeria’s largest merchant acquirer, we power most of the country’s point-of-sale (POS) transactions. Through our subsidiaries,
Moniepoint Inc. processes over $250 billion in digital payment transaction value annually.
Moniepoint is seeking a passionate Application Security Engineer to drive security across our services and development pipelines.
In this role, you’ll champion security best practices, embed application security into the product lifecycles, and empower
engineering teams to build and release safe products
outset.
design reviews.
vulnerabilities at the source.
for security issues.
integrations) for consistent use across engineering teams.
platforms, and release cycles.
feedback loops across teams.
security improvements.
influence.
What we can offer you
carry weight and where all voices are heard. We value and respect each other and always look out for one another. Above all, we
are human.
internal technical talks.
other benefits.
What to expect in the hiring process
WHO WE ARE Moniepoint Inc. is Africa’s all-in-one financial platform, helping 20 million businesses and individuals access seamless payments, banking, credit, cross-border, and business management tools each month. As Nigeria’s largest merchant acquirer, we power most of the country’s point-of-sale (POS) transactions. Through our subsidiaries, Moniepoint Inc. processes over $250 billion in digital payment transaction value annually. ABOUT THE ROLE As a Senior Application Security Engineer, you will champion secure innovation by embedding security into the fabric of our software development lifecycle. You'll partner closely with engineering teams to safeguard customer trust while they build cutting-edge services. Your expertise will directly shape secure design through threat modeling and code review, drive efficiency via security automation, and mentor developers to elevate our collective security posture. The ideal candidate is a technical leader who blends deep security expertise with exceptional influence. You possess broad security knowledge anchored by specialization in critical areas, and excel at translating complex risks into actionable insights for both engineers and executives. Your strength lies in harmonizing diverse perspectives, strategically prioritizing risks, and guiding partners to implement resilient, secure solutions that balance speed and safety. KEY RESPONSIBILITIES Security Strategy & Leadership * Define and execute security strategy for product teams, aligning with business objectives. * Lead threat modeling, security architecture reviews, and design guidance for diverse software projects. * Mentor engineers technically and professionally, fostering a culture of security excellence. Advanced Technical Execution * Conduct adversarial security analysis using automated tools and manual techniques (e.g., custom exploit development). * Perform manual/automated secure code reviews across Java, Python, JavaScript, and cloud-native stacks. * Develop security automation tools to scale vulnerability detection (SAST/DAST/IAST enhancements). RISK MITIGATION & INNOVATION * Identify complex risks through offensive security research; advocate for cutting-edge mitigation technologies. * Solve novel security problems lacking predefined solutions (e.g., zero-day vulnerabilities, emergent attack vectors). * Maintain and evolve threat models for critical applications and microservices architectures. Collaboration & Enablement * Partner with the engineering team to embed security controls into CI/CD pipelines and development practices. * Design/deliver security training programs tailored to development teams and business stakeholders. * Lead incident response for application security events and drive root-cause analysis. Qualifications Required * 5+ years in application security, including 2+ years in a senior/lead role. * Expertise in threat modeling (e.g., STRIDE, PASTA), penetration testing, and secure SDLC implementation.Proficiency in code review for Java/Python/JavaScript and cloud platforms (AWS/Azure/GCP). * Hands-on experience building security tools (e.g., scanners, CI plugins) with Python/Go. * Proven track record in security architecture design and risk-based decision-making. Preferred * OSCP, OSCE, GXPN, or similar offensive security certifications. * Contributions to security tooling/open-source projects. * Experience with container security (Kubernetes, Docker), serverless, or infrastructure-as-code. Skills * Leadership: Ability to define team strategy, mentor engineers, and influence stakeholders. * Innovation: Aptitude for researching/implementing novel solutions to ambiguous security challenges. * Technical Depth: Mastery of application security frameworks (OWASP, NIST) and exploit techniques. * Communication: Translate technical risks to business impact for executives and engineers alike. * Execution: Drive implementation of security controls What we can offer you * Culture -We put our people first and prioritize the well-being of every team member. We’ve built a company where all opinions carry weight and where all voices are heard. We value and respect each other and always look out for one another. Above all, we are human. * Learning - We have a learning and development-focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks. * Compensation - You’ll receive an attractive salary, pension, health insurance,, Employee Stock Options, annual bonus, plus other benefits. What to expect in the hiring process * Preliminary phone call with the recruiter * Take home assessment * Technical interview with a Lead in our Engineering Team * Behavioural and technical interview with a member of the Executive team.
TL;DR We are seeking an Application Security Engineer to champion security across our entire development lifecycle. You’ll play a pivotal role in reviewing code, designing secure features, and mentoring engineers, ensuring security is at the heart of everything we build. If you’re passionate about application security, thrive on close collaboration with developers, and want to do the work of your life, this is your opportunity WHY LOVABLE? Lovable lets anyone and everyone build software with any language. From solopreneurs to Fortune 100 teams, millions of people use Lovable to transform raw ideas into real products - fast. We are at the forefront of a foundational shift in software creation, which means you have an unprecedented opportunity to change the way the digital world works. Lovable-built applications and websites are visited hundreds of millions of times a month, and our enterprise footprint is compounding fast. And we’re just getting started. We’re a small, talent-dense team building a generation-defining company from Stockholm. We value extreme ownership, high velocity, and low-ego collaboration. We seek out people who care deeply, ship fast, and are eager to make a dent in the world. WHAT YOU’LL BRING * 5+ years of experience in application security, securing cloud-native environments at product-focused tech companies, high-growth startups, or leading AI labs. * Strong programming and engineering skills. * Deep expertise in application security: secure code review, threat modeling, SAST/DAST, supply chain security, product patching, and vulnerability management. * Strong background in securing engineering infrastructure: CI/CD pipelines, secrets management, service-to-service authentication, containerized workloads, and public cloud platforms. * Hands-on experience collaborating with developers to design and implement security features and best practices. * Passion for educating and mentoring engineers on secure coding, vulnerability remediation, and emerging threats. * Systems mindset: comfortable reading and contributing to codebases, building security tooling, and integrating security into engineering workflows. * Bonus: Experience building internal security tools or contributing to open-source security projects. WHAT YOU’LL DO * Conduct secure code reviews, threat modeling, and architecture assessments to identify and mitigate vulnerabilities early. * Work closely with engineering teams to design and implement security features, provide actionable feedback, and ensure security is embedded in product development. * Lead security training, workshops, and 1:1 mentoring to upskill developers and foster a security-first culture. * Integrate SAST/DAST and supply chain security tools into our CI/CD pipelines for continuous, automated protection. * Detect, triage, and respond to application vulnerabilities and incidents, driving remediation and continuous improvement. * Monitor and address emerging risks in AI infrastructure, LLM pipelines, and third-party dependencies. * Secure the last piece of software. OUR TECH STACK * Frontend: React and Typescript * Backend: Golang and Rust * Cloud: Cloudflare, Google Cloud, AWS, Terraform * DevOps & Tooling: CI/CD pipelines, observability, infrastructure-as-code And always exploring what’s next. HOW TO APPLY * Please submit your application in English—our working language at Lovable. * We’re committed to fair and equal treatment for all candidates. If you’re interested, apply via our careers portal
Thought Machine's mission is bold – to properly and permanently rid the world's banks of legacy technology. To achieve this, we have developed the foundations of modern banking through core and payments technology which run natively in the cloud. What we are attempting is hard and means we need great people working together to build great technology. We have grown rapidly in the past few years – growing our team to more than 550 individuals across offices in London, New York, Singapore, Sydney and our newly established Engineering Hub in Lisbon. We have raised more than £500m in funding and our investors include Molten Ventures, Eurazeo, Intesa Sanpaolo, Temasek, Nyca Partners, JPMorgan Chase Strategic Investments, Standard Chartered Ventures, and more. We have created a culture that enables our team to produce the best work in the industry while ensuring we have fun along the way. We're regularly cited as having a fantastic workplace culture and have been recognised by Sifted magazine as having one of the highest Glassdoor ratings for a UK fintech company and the industry's most generous employee share package. Named one of the world's most innovative fintechs by Global Finance Magazine, we were also recognised by the Financial Times as one of Europe's fastest-growing companies for two consecutive years—and a UK Best Employer for 2026. This is a full-time, permanent position based in our Lisbon office, requiring four days a week onsite. This position plays a key role in ensuring Thought Machine teams are taking all required steps in building a secure product set. You will play a major and leading role in protecting Thought Machine product against security risks, with influence to implement cutting-edge measures to minimise exposures and vulnerabilities. Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross-functionally. A large part of Thought Machine product security function is a greenfield challenge, we are building the bank of tomorrow with cutting edge web technology, no best-practice/of the shelve security frameworks or tools can solve our security challenge. We are building the best security to enable engineering and impress financial service auditors. Key qualities of the ideal candidate would have experience in OWASP top 10 vulns, devsecOps, data privacy protection, passion to mentor and enable devs, creativity, autonomy, ability to work and complete multiple projects simultaneously. DUTIES * Drive improvements to Thought Machines product security posture through strategic planning and collaboration with both development and infrastructure teams, with trust, autonomy and influence. * Produce production web scale grade application security design. * Review and produce data privacy and financial regulatory functional and nonfunctional designs. * Perform design reviews and Threat modeling of Thought Machine services and products. * Perform vulnerability assessments and security testing. * Providing subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle. * Liaison with development teams for design, code reviews & education. * To contribute to security strategy, security tooling selection and creation. * Conduct regular security assessments and code reviews. REQUIREMENTS Essential * Expertise with a programming language (e.g. Python, Go or Java) * Experience of security in a DevOps environment * Experience in web application penetration testing and security tooling (e.g. Burp proxy, Web/Network Scanners, Static code analysers, etc). * Coding experience for automating/integrating security tools and creation of security tools. * Knowledge of security in distributed systems at scale. * Cloud and containers technology knowledge (e.g. AWS, GCP, Kuberbetes, Docker) * Experience of performing security design reviews, threat modelling and risk assessments * Knowledge of application security issues Desirable * Professional security qualifications are desirable (e.g. CISSP, Offensive Security, Sans Institute, etc.) * Contributions to the security community (public research, blogging, presentations, etc) * Awareness and experience of the Data Protection Act, ISO 27001 and PCI-DSS Benefits * Highly competitive salary * Voluntary Pension Plan (match up to 5%) * Private Healthcare Insurance * Comprehensive Life Insurance * 25 days holiday plus public holidays * Two charity days a year * Daily Meal Allowance * Access to outstanding learning materials and courses * Sports and hobby clubs, subsidised by Thought Machine * All the latest tech you need * Huge range of healthy (and not-so-healthy) snacks, smoothies and drinks * A talented and experienced team as your colleagues * An environment where we encourage learning and progress We actively hire candidates who demonstrate technical excellence in their field and welcome people of all ages and backgrounds, providing everyone with equal access to professional development. You are encouraged to apply even if your experience doesn't accurately match the job description. We also encourage applications from those with different abilities, including candidates with ADHD, autism, dyslexia or dyspraxia.