Senior Application Security Engineer
Bykea Technologies
Karachi
On-site
Full-time
6-10 Years
5 days ago
What You Will Do
  • Lead threat modeling and secure design reviews for Bykea’s applications and infrastructure, ensuring secure-by-default architectures
  • Design and implement scalable security solutions to proactively detect and remediate vulnerabilities
  • Drive “shift-left” security by integrating SAST/DAST and other security tools within CI/CD pipelines
  • Conduct advanced dynamic (DAST) and static (SAST) analysis across microservices and mobile applications
  • Identify, prioritize, and remediate security risks across products, features, and infrastructure
  • Define and enforce best practices for application security across the software development lifecycle (SDLC)
  • Assess and mitigate risks from third-party libraries and dependencies
  • Lead vulnerability triage and remediation efforts in collaboration with engineering teams
  • Act as a security champion, mentoring teams and promoting a strong security-first culture across the organization
About You
  • 5+ years of hands-on experience in Application Security, with a strong track record of delivering measurable security improvements
  • Strong proficiency in scripting/development (Python, JavaScript preferred)
  • Proven experience integrating and managing security tools (SAST, DAST) within CI/CD environments
  • Solid experience with cloud and infrastructure security (AWS, Kubernetes, Terraform/CloudFormation)
  • Deep understanding of web security principles, TLS/SSL, authentication mechanisms, and network protocols (HTTP/HTTPS, TCP/IP, etc.)
  • Experience securing mobile applications, web applications, and microservices-based architectures
  • Demonstrated ability to secure high-scale, high-availability systems
  • Familiarity with cloud platforms such as AWS or GCP and their security best practices
  • Strong collaboration and communication skills, with the ability to influence cross-functional teams
  • Relevant certifications (e.g., OSCP, AWS Security Specialty) are a plus