Senior Security Engineer at Chipper Cash

Chipper Cash is the largest mobile cross-border money transfer platform in Africa. We are a passionate team, dedicated to expanding financial inclusion in some of the global regions most in need of accessible, interoperable, easy-to-use, and affordable financial services.

1. We are a small team. You will be encouraged to engage in high-level technical decision making, and there will be a lot of room for growth for early hires as the company continues to expand.
2. The Chipper team is truly global on a daily basis, you might be interacting with team members in San Francisco, Los Angeles, New York City, London, Accra, Lagos, and Nairobi
3. You will not be micromanaged. We have an engineering team culture centered on open-communication, honest feedback, and personal responsibility.

About Our Tech Stack

1. Node.js + Typescript service-based architecture
2. React Native Android/iOS application
3. PostgreSQL application databases
4. RabbitMQ for inter-server communication
5. Server hosting on Heroku and Google Cloud Platform
6. Fully automated CI/CD using Heroku CI and Github
7. Application monitoring with Datadog, Logz.io, and Amplitude
8. Snowflake for data warehousing and analysis
9. Python for in-depth data analysis, transformation, and reporting

What You Will Work On
Security engineering at Chipper spans the full-stack - this role involves gaining an understanding of the technical architecture of the Chipper Platform, continuously examining different attack surfaces, and proactively identifying and implementing security-hardening measures.
Security engineering at Chipper is also a heavily collaborative role. Security is a principle that permeates everything that we work on, and the security engineering team works with a wide variety of other teams in order to spread understanding of potential vulnerabilities and to instill a security-focused mindset within everything we do.

Some examples of responsibilities include:

1. Actively participating in project planning, code reviews, and spec reviews, to assist in hardening the design and implementation of a wide variety of projects
2. Collaborating with the the data intelligence team to identify new queries, analysis pipelines, ML models, and alerts to be built in order to detect security-relevant activity
3. Working with the DevOps team to verify full firewall coverage, and managing internal key storage and access controls
4. Integrating with new security software vendors and managing current security-related software integrations
5. Orchestrating penetration tests and other security-related accreditations with external firms
6. Working with different product teams to harden various 3rd-party API integrations with enhanced connection verification and scheduled credential rotations
7. Brainstorming with the design team to create user-facing systems that are secure and easy to use

What You Should Have
The role isn't very focused on being an expert on any specific security domain (such as in a specific language or framework or layer of the application stack) - the most important

skills are:

1. Having an inquisitive, curious, and investigative mindset - thriving at independently reviewing designs and codebases and seeking out potential vulnerabilities
2. Broad full-stack technical ability - being able to quickly gain familiarity with different technologies in-use throughout the team in order to competently understand the code and system designs

Great To Have

1. Past experience in a role with significant security engineering responsibilities
2. Past experience with fintech and early-stage startups
3. Leadership interest and/or experience
4. Familiarity with our tech stack - Node.js, Typescript, Python, React Native, RabbitMQ, PostgreSQL, Snowflake
5. Familiarity with our tool stack - ELK, Datadog, Cloudflare, Heroku, AWS, GCP, Retool