Security Analyst

Who we are

Yoco was founded in 2015, and has since processed overR100 billion in digital payments for over 400,000 businesses in South Africa. We’re breaking down barriers and unlocking economic opportunities that enable people to thrive.

We have over 330 team members globally, operating across international markets, all with a bias for boldness, and a passion for simple, progressive solutions. We believe in uniting different people to solve hard problems together.

Our mission of making society more equal takes a variety of people, with different backgrounds and points of view, so we can keep building solutions that work for and include everyone.

Yoco is growing, and as we grow we have compelling challenges ahead of us.

Growing means we’re enabling more self-employed people and businesses to thrive every day. It also means that ambitious problem-solvers with big ideas are challenged, stimulated and will thrive at Yoco.

We don’t stop pushing, we break things to rebuild, we challenge ourselves and each other. We’re constantly evolving — and we’re doing it fast.

About the Security Team

The security team at Yoco sits within our rapidly growing Engineering function and is responsible for the end-to-end Information Security posture of Yoco Technology Group. Working closely with other engineering and product delivery teams you’d ensure that our external, internal systems, apps and APIs are following best practices when it comes to security and continue to remain secure. Similarly to the other teams which make up the function, one of the Security team’s key goals is to enable and contribute to a solid foundation on which all our products and services can be built upon. The teams strive to not be blockers and provide as much autonomy as possible to the areas they support and work alongside. 

About the role

The Security Analyst role is a technical position primarily tasked with ensuring adoption and maintenance of our vulnerability management program and ongoing security posture. It is critical to the long-term success of Yoco in enabling people to make payments across our market segments in a secure manner. Our users trust us with some of their most sensitive information, and Yoco takes customer security as a priority.

Security analysts are responsible for the continuous assessment of our systems, and recommend or provide solutions to address current and future threats relating to our vulnerability exposure. Importantly, this role will engage closely with the teams within our engineering environment and make recommendations on security controls, frameworks, tooling and secure application development.

Security concerns are ever-evolving, making the security team an extremely dynamic environment to work in.

What you will be doing

• You'll be helping to develop new features as well as securing existing ones

• Secure and harden our external and internal facing applications

• Review and make recommendations on areas not limited to but including secrets management, security scanning and security operations

• Work closely with third-party security and auditing firms and help implement and recommend security controls to the rest of engineering

• Be responsible for vulnerability management across the Yoco Technology Group

• Log management of security related events

• Perform product security reviews on existing and new features being built by Yoco

• Ensure identified security risks are remediated in line with internal SLA and industry best practice

• Assist with improving the overall information security posture of Yoco Technology Group

About you

• At least 2 years of full-time information security experience within a technical domain
  
• Experience with offensive security techniques and knowledge of how to defend against them
  
• Strong communication and teamwork skills, you should be able to guide others in the engineering organisation through security best practices and exercises
  
• A keen interest in application security and an understanding of how application security vectors can translate to monetary loss
  
• Experience with CI/CD tooling & dependency management as it relates to security
  
• Experience in application security or vulnerability management
  
• Willingness to learn fast and leverage automation to increase visibility and decrease the resolution time of security vulnerabilities
  

Motivation

Yoco’s online footprint and supporting technologies are ever-increasing and continuing to grow. There is currently no one dedicated to the continuous review and implementation of security controls relating to online security at Yoco. We are looking for a self-starter in this space that will work closely with the relevant technical teams on reviewing and improving the end-to-end security posture of our products.

The People We’re Looking For

We’re looking for people who want to grow. And as Yoco grows we hope they stay with us, long term

Building things that make society more equal is a daunting task. And it’s not for everyone. We never stop pushing, we break things to rebuild, and we challenge ourselves and our teammates. We start over, we constantly evolve — and we do it fast. We know that it’s just the right kind of meaningful madness for our kind of visionary human.

So, who are you? You’re someone who resonates with our mission, but also our values, when it comes to how we work.

You’re a curious problem-solver with a passion for doing good. You’re bright and grounded, experimental and bold. You play open cards and get stuck in. You’re not afraid of change. You close the loop.

At Yoco, we love to laugh, cherish each other’s quirks, and be authentic.

Find out more about who we are here.

We encourage applicants from diverse backgrounds to apply and ask that you please send your application in English and help us reduce unconscious bias by leaving out your picture, age, address, and other unnecessary information in your CV.