DevSecOps Engineer

At Verto, we're on a mission to democratise global finance and empower businesses in Emerging Markets to reach the world. Founded by British-Nigerian entrepreneurs Ola Oyetayo and Anthony Oduu, our roots in Africa provided a firsthand understanding of the significant challenges businesses face with cross-border payments, ranging from illiquid currencies and high fees to slow transactions. This deep-rooted insight is why Africa remains a core focus, as we're committed to bridging the gap between emerging and developed markets and fostering global economic growth.

What started as an FX solution for the Nigerian Naira has evolved into a market-leading platform, enabling thousands of businesses to seamlessly transfer billions of dollars annually. We believe that where you do business shouldn’t determine your success or ability to scale. We're creating equal access to the easy payment and liquidity solutions that are already a given in developed markets.

We're not alone in realising this crucial need; we're backed by world-class investors including Y-Combinator, Quona, and MEVP. With Verto receiving the Milken-Motsepe Prize, appearing on CNBCs list of fastest growing UK companies, the Deloitte Fast 50 and Sifted’s fastest-growing UK tech companies, we are building a seamless cross-border payment future. Join us as we continue to grow and transform global finance.

This role is critical for fortifying Verto's application security by focusing on penetration testing across Web, API, and Mobile platforms, while also embedding security automation directly into our development processes. You will significantly reduce vulnerabilities and champion a security-first culture, ensuring our products are robust and trustworthy.

We’re seeking a skilled DevSecOps Engineer who is passionate about security testing and securing modern applications.

• Conduct in-depth penetration testing for Web, API, and Mobile (iOS & Android) applications.

• Perform secure code reviews and provide actionable remediation guidance, especially for Node.js.

• Automate security testing and integrate tools into CI/CD pipelines.

• Writing scripts for automating mundane security tasks.

• Develop and implement security best practices (OWASP Top 10, SANS 25).

• Monitor and strengthen AWS cloud security configurations, including AWS auditing and AWS penetration testing .

• Collaborate with development teams for early-stage threat modeling and risk assessments.

• Create and maintain security playbooks for incident response.

• Stay ahead of emerging threats and introduce new security methodologies.

• Proven experience in penetration testing for Web, API, and Mobile (iOS & Android) applications.

• Strong expertise in security testing tools (e.g., Burp Suite, OWASP ZAP, Python scripting).

• Proficiency in scripting languages such as Python or other relevant languages (e.g., PowerShell, Bash)

• Hands-on experience in secure code reviews and remediation guidance.

• Solid understanding of OWASP Top 10, SANS 25, and other security frameworks.

• Experience integrating security tools into CI/CD pipelines.

• Cloud security expertise, particularly in AWS (IAM, security monitoring, infrastructure security, including AWS auditing and AWS penetration testing capabilities)

• Familiarity with Agile and DevOps methodologies with a security-first mindset.

• Experience with Node.js applications for code reviews and remediation.

• Relevant certifications (e.g., OSCP, CISSP, CEH, AWS Security Specialty, Certified DevSecOps Engineer).

• Experience working in a fast-paced startup environment.

• Experience working in a DevOps environment.

• Experience with Infrastructure as Code (IaC) tools (Terraform, Ansible)

• Experience with specific industry domains (e.g., Fintech, Logistics, E-commerce) where robust application security is critical.

We’re a community of folks who care about their craft, collaborate with purpose, and enjoy the journey together

• Health & Life insurance, flexible work schedules, generous leave policy

• Gym membership, free lunch, car lease policy and a professional development budget

• Love asking “why?”

• Value solving problems over just completing tasks

• Understand sync vs. async communication practices

• Thrive in ambiguity and change

• Actively seek feedback

• Prioritise impact over activity

• Are fun to work with - we love good humour!

A chat with the talent team and 3 (technical + culture) interviews rounds.