Application Security Specialist at Mukuru

The Opportunity

• We’re looking for an Application Security Specialist to join our forward-thinking Information Security Team based in Cape Town or Johannesburg, South Africa. This is your chance to play a leading role in securing Mukuru’s rapidly evolving fintech ecosystem and ensuring that our customers’ trust stays rock solid.
• You’ll work closely with our Engineering, DevOps, and Product teams to safeguard our applications from design to deployment. From penetration testing and vulnerability management to building a culture of secure development, you’ll be the expert who ensures security is baked into everything we build.
• If you’re passionate about protecting systems, love a technical challenge, and thrive in a fast-paced, collaborative environment — this role was made for you.

What You’ll Do

• Application Security Testing
• Conduct web and mobile application penetration testing and API security assessments.
• Perform threat modelling, secure code reviews, and attack surface analysis.
• Manage and monitor the production cloud infrastructure (AWS/Azure) for vulnerabilities and misconfigurations.
• Lead SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) initiatives.
• Security Assessment Programme
• Design and execute Mukuru’s annual penetration testing programme.
• Coordinate both internal and external security assessments, ensuring proper scoping and timely delivery.
• Manage relationships with external security partners and report on remediation progress.
• Drive collaboration across engineering, IT, and compliance to close security gaps quickly and effectively.
• Secure Development Lifecycle (SDLC) Enablement
• Champion secure coding practices and embed them in the SDLC.
• Partner with developers, testers, and business analysts to provide proactive security guidance during sprints and releases.
• Create and maintain security frameworks, checklists, and guidelines (aligned with OWASP, OSAMM, BSIMM, MITRE).
• Deliver training and awareness sessions to uplift security capability across teams.
• Continuous Improvement & Innovation
• Stay on top of cybersecurity trends, tools, and attack vectors to anticipate risks.
• Research and implement innovative security solutions that strengthen Mukuru’s posture.
• Identify process improvements that make security assessments faster, smarter, and more automated.
• Professional Development
• Participate in KPI meetings and 1:1 sessions with the Head of Information Security.
• Maintain certifications and industry knowledge to remain a trusted subject matter expert.

What You’ll Bring

Essential:

• 5+ years of experience in IT systems security or application security.
• Proven experience in offensive security testing and vulnerability management.
• Strong technical knowledge of web application and network security.
• Familiarity with security assessment tools such as Burp Suite, Kali, Nmap, Nikto, Hydra, and Tenable.io.
• Understanding of SAST/DAST tools (e.g., Veracode, Whitesource, Blackduck).
• Experience with AWS or Azure cloud environments.
• Solid grasp of secure software development and programming languages (e.g., PHP, .NET).
• Strong reporting, documentation, and project management skills.

Preferred:

• Degree in Computer Science, Information Security, or a related field.
• Industry certifications (e.g., CISSP, CISM, OSCP, ISO 27001, ISSAP).
• Prior experience in a development or DevSecOps environment.

You’ll Thrive Here If You Are:

• Passionate about security, automation, and innovation.
• A sharp problem-solver with strong analytical and critical thinking skills.
• A clear communicator who enjoys collaborating across technical and business teams.
• A self-starter who can manage multiple priorities with precision and accountability.
• Curious, always learning, and proactive in identifying new ways to secure systems.