Information Technology | Full-Time | Senior-level (6+ yrs)
Job Description
The Senior Application Security Engineer is a key technical role focused on leading advanced security assessments across web, mobile, APIs, cloud-native environments, and AI-driven autonomous penetration testing platforms. The ideal candidate combines deep technical expertise with architecture awareness and hands-on experience in deploying and integrating security testing solutions within a banking environment.
Key Responsibilities
Advanced Penetration Testing
Conduct manual and automated penetration testing across web applications, APIs (REST, GraphQL, SOAP), mobile applications (iOS & Android), cloud-native workloads, and infrastructure.
Perform both black-box and white-box testing to identify vulnerabilities.
Execute business logic testing and validate findings to demonstrate real business risks.
Conduct comprehensive threat modeling and attack surface analysis.
AI & Autonomous Pentesting
Design, operate, and optimize AI-driven autonomous penetration testing platforms.
Tune Large Language Model (LLM) based testing agents and attack orchestration workflows.
Validate AI-generated findings to reduce false positives and ensure accuracy.
Reporting & Leadership
Produce executive-level reporting and detailed technical reports for various stakeholders.
Present findings clearly to business, engineering, and executive teams.
Provide practical remediation guidance and implementation advice.
Mentor junior security testers and contribute to the enhancement of internal security standards.
Requirements and Qualifications
Experience: Minimum of 5+ years of professional penetration testing experience.
Education: Bachelor's Degree or Advanced Diploma in Physical, Mathematical, Computer, or Life Sciences.
Technical Knowledge: Deep understanding of OWASP Top 10 (Web, API), business logic exploitation, authentication/session management, and flaws such as SSRF, RCE, and injection.
Specialized Skills: Experience with AI-assisted penetration testing tools and an understanding of LLM-based attacks (e.g., prompt injection, AI model abuse).
Tools: Advanced proficiency in Burp Suite, Nmap, Nessus, Metasploit, SAST/DAST tools, and mobile testing tools (MobSF, Frida, Objection).
Certifications (Preferred): eJPT, CEH, OSCP, or AI security-specific certifications.
Soft Skills: Excellent analytical problem-solving abilities, strong communication, and the ability to translate technical risks into business impact.
How to Apply
Interested and qualified candidates should apply online through the Absa Bank recruitment portal on Workday. You can access the application page directly at https://absa.wd3.myworkdayjobs.com or via the redirect link: https://www.myjobmag.co.ke/apply-now/1176424. Ensure your application highlights your relevant experience in penetration testing and any relevant certifications.