Application Security Specialist

Mukuru is one of Africa’s leading FinTech companies, transforming the way millions of people access financial services. With over 40 million cross-border transactions processed, we empower communities through technology that’s safe, affordable, and reliable.

Our products — from money transfers and insurance to digital wallets and payment solutions — make financial inclusion possible for individuals and businesses across emerging markets.

At Mukuru, we’re building technology that matters — and keeping it secure is mission-critical. That’s where you come in.

We’re looking for an Application Security Specialist to join our forward-thinking Information Security Team based in Cape Town or Johannesburg, South Africa. This is your chance to play a leading role in securing Mukuru’s rapidly evolving fintech ecosystem and ensuring that our customers’ trust stays rock solid.

You’ll work closely with our Engineering, DevOps, and Product teams to safeguard our applications from design to deployment. From penetration testing and vulnerability management to building a culture of secure development, you’ll be the expert who ensures security is baked into everything we build.

If you’re passionate about protecting systems, love a technical challenge, and thrive in a fast-paced, collaborative environment — this role was made for you.

• Conduct web and mobile application penetration testing and API security assessments.

• Perform threat modelling, secure code reviews, and attack surface analysis.

• Manage and monitor the production cloud infrastructure (AWS/Azure) for vulnerabilities and misconfigurations.

• Lead SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) initiatives.

• Design and execute Mukuru’s annual penetration testing programme.

• Coordinate both internal and external security assessments, ensuring proper scoping and timely delivery.

• Manage relationships with external security partners and report on remediation progress.

• Drive collaboration across engineering, IT, and compliance to close security gaps quickly and effectively.

• Champion secure coding practices and embed them in the SDLC.

• Partner with developers, testers, and business analysts to provide proactive security guidance during sprints and releases.

• Create and maintain security frameworks, checklists, and guidelines (aligned with OWASP, OSAMM, BSIMM, MITRE).

• Deliver training and awareness sessions to uplift security capability across teams.

• Stay on top of cybersecurity trends, tools, and attack vectors to anticipate risks.

• Research and implement innovative security solutions that strengthen Mukuru’s posture.

• Identify process improvements that make security assessments faster, smarter, and more automated.

• Participate in KPI meetings and 1:1 sessions with the Head of Information Security.

• Maintain certifications and industry knowledge to remain a trusted subject matter expert.

Essential:

• 5+ years of experience in IT systems security or application security.

• Proven experience in offensive security testing and vulnerability management.

• Strong technical knowledge of web application and network security.

• Familiarity with security assessment tools such as Burp Suite, Kali, Nmap, Nikto, Hydra, and Tenable.io.

• Understanding of SAST/DAST tools (e.g., Veracode, Whitesource, Blackduck).

• Experience with AWS or Azure cloud environments.

• Solid grasp of secure software development and programming languages (e.g., PHP, .NET).

• Strong reporting, documentation, and project management skills.

Preferred:

• Degree in Computer Science, Information Security, or a related field.

• Industry certifications (e.g., CISSP, CISM, OSCP, ISO 27001, ISSAP).

• Prior experience in a development or DevSecOps environment.

• Passionate about security, automation, and innovation.

• A sharp problem-solver with strong analytical and critical thinking skills.

• A clear communicator who enjoys collaborating across technical and business teams.

• A self-starter who can manage multiple priorities with precision and accountability.

• Curious, always learning, and proactive in identifying new ways to secure systems.

Should you be appointed in a remote/work from home role at Mukuru, it is your responsibility to ensure that you have uninterrupted internet connectivity and a ‘work-like’ environment at your home location, in order to deliver your best in terms of performance, productivity and service to our customers.

If you do not receive any response after two weeks, please consider your application unsuccessful.

NB: ALL STAFF APPOINTMENTS WILL BE MADE WITH DUE CONSIDERATION OF THE COMPANY’S DIVERSITY AND INCLUSION PLANS