Penetration Tester / Application Security Engineer

Job Title: Penetration Tester / Application Security Engineer

About Us:

Guavapay is a payment platform that drives payment optimisation and stability. Guavapay’s full-stack payment ecosystem includes a range of financial technology products and solutions. Our flagship product is MyGuava, the “all things payments app”. In addition to MyGuava, we offer a range of other payment services to businesses and individuals, including card processing, cross-border payments / remittance, merchant acquiring, card issuing and e-wallets. Whatever our customers’ needs are, our breakthrough platform can help them integrate, process and transact globally. We aim to take our place on the forefront of payment disruption, bringing innovative solutions for flawless and low cost payments on the market.

Our future plans extend beyond payments and remittance to other fintech areas. Our ambitions are global. Our drive for success is unmatched.

Key Responsibilities:

• Build application security architecture and processes.
• Conducted/planned/managed penetration tests on web/mobile applications, APIs, and network infrastructure to identify and exploit vulnerabilities.
• Work closely with the development and DevOps teams to remediate vulnerabilities and improve the security posture of Guavapay's services.
• Perform risk assessments and recommend security controls to mitigate identified risks.
• Simulate advanced attack techniques and develop custom exploits to assess system security.
• Lead red team exercises and collaborate with security analysts on incident response.
• Maintain up-to-date knowledge of security threats, vulnerabilities, and mitigation techniques.
• Document findings and provide comprehensive technical reports with actionable insights.
• Ensure compliance with industry standards and regulatory requirements in the financial sector.

Requirements & Qualifications:

We are seeking candidates who possess some of the following certifications:

1. GIAC Certifications:
   • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
   • GIAC Cloud Penetration Tester (GCPN).
   • GIAC Web Application Penetration Tester (GWAPT).
   • GIAC Penetration Tester Certification (GPEN).
2. Offensive Security Certifications:
   • OffSec Exploitation Expert (OSEE).
   • OffSec Exploit Developer (OSED).
   • OffSec Experienced Penetration Tester (OSEP).
   • OffSec Web Expert (OSWE).
3. eLearnSecurity Certifications:
   • Web application Penetration Tester eXtreme (eWPTX).
   • Professional Penetration Tester (ePPT).

Preferred Experience:

• 3+ years of experience in penetration testing or application security, ideally within financial institutions (e.g., banks, fintech, payment providers) or gambling-related companies.
• Experience with SAST, DAST systems.
• Experience with security service providers such as Banks Fintech, Gambling, Security Services Provider.
• Familiarity with common security frameworks and best practices (e.g., OWASP, NIST).
• Experience with security tools (e.g., Burp Suite, Metasploit, Nmap, Nessus, SAST, DAST).
• Knowledge of secure coding practices, threat modeling, and vulnerability management.