Application Security Engineer



Cape Town, South Africa
Posted on Monday, December 11, 2023
Who We Are

Yoco was founded in 2015 and now processes over US$2 billion annually. We’re the payments provider for over 200 000 self-employed, and opening commerce for all. We’re breaking down barriers and unlocking economic opportunities that enable people to thrive.

We have over 350 team members globally, operating across international markets, all with a bias for boldness, and a passion for simple, progressive solutions. We believe in uniting different people to solve hard problems together.

Our mission of making society more equal takes a variety of people, with different backgrounds and points of view, so we can keep building solutions that work for and include everyone.

Yoco is growing, and as we grow we have compelling challenges ahead of us.

Growing means we’re enabling more self-employed people and businesses to thrive every day. It also means that ambitious problem-solvers with big ideas are challenged, stimulated and will thrive at Yoco.

We don’t stop pushing, we break things to rebuild, we challenge ourselves and each other. We’re constantly evolving — and we’re doing it fast.

Grow With Us.

About The Security Team

The security team at Yoco forms part of our rapidly growing Cloud Engineering & ICT function and is responsible for infrastructure, cloud, platform, application and security operations. Working closely with the DevOps team, other foundation teams, our IT team and product delivery teams ensure that our external, internal systems and APIs are following best practices when it comes to security and remain secure. Similarly to the other teams which make up the function, one of the Security team’s key goals is to enable and contribute to a solid foundation on which all our products and services can be built upon. The teams strive to not be blockers and provide as much autonomy as possible to the areas they support and work alongside.

About The Role

The Application Security Engineer role is a technical position primarily tasked with managing our Application Security Posture. It is critical to the long-term success of Yoco in enabling people to make payments across our market segments in a secure manner. Our users trust us with some of their most sensitive information, and Yoco takes customer security as a priority.

AppSec Engineers are responsible for the continuous assessment of our systems, and recommend or provide solutions to address current and future threats relating to our application security. Importantly, this role will engage closely with the teams within our engineering environment and make recommendations on security controls, frameworks, tooling and secure coding best practice.

Security concerns are ever-evolving, making the security team an extremely dynamic environment to work in.

What You Will Be Doing

  • You'll be helping to develop new features as well as securing existing ones
  • Secure and harden our external and internal facing applications
  • Review and make recommendations on areas not limited to but including secrets management, encryption, customer security and CI/CD pipelines
  • Work closely with third-party security and auditing firms and help implement and recommend security controls to the rest of engineering
  • Perform product security reviews on existing and new features being built by Yoco
  • Ensure identified security risks are remediated in line with internal SLA and industry best practice
  • Assist with improving the overall security posture of Yoco

About You

  • At least 2 years of full-time offensive security experience
  • Experience with offensive security techniques and knowledge of how to defend against them
  • Experience with threat modelling, secure coding, authentication, cryptography and network security
  • Strong communication and teamwork skills, you should be able to guide others in the engineering organisation through security best practices and exercises
  • A keen interest in application security and an understanding of how application security vectors can translate to monetary loss
  • Experience with CI/CD tooling & dependency management as it relates to security


  • OSCP

The People We’re Looking For

We’re looking for people who want to grow. And as Yoco grows we hope they stay with us, long term

Building things that make society more equal is a daunting task. And it’s not for everyone. We never stop pushing, we break things to rebuild, and we challenge ourselves and our teammates. We start over, we constantly evolve — and we do it fast. We know that it’s just the right kind of meaningful madness for our kind of visionary human.

So, who are you? You’re someone who resonates with our mission, but also our values, when it comes to how we work.

You’re a curious problem-solver with a passion for doing good. You’re bright and grounded, experimental and bold. You play open cards and get stuck in. You’re not afraid of change. You close the loop.

At Yoco, we love to laugh, cherish each other’s quirks, and be authentic.

Find Out More About Who We Are Here.

We encourage applicants from diverse backgrounds to apply and ask that you please send your application in English and help us reduce unconscious bias by leaving out your picture, age, address, and other unnecessary information in your CV.

Yoco is a growing African Fintech, enabling people to thrive through open commerce.

Founded in 2015, Yoco now processes over US$2 billion annually, and we’re the payments provider for over 200 000 self-employed.

By 2024 we aim to serve 3 million entrepreneurs, becoming the leading Open Commerce ecosystem for small business, across Africa and the Middle East.