Job Description

###

Who we are

Yoco was founded in 2015, and we've been breaking down barriers, unlocking economic opportunities and opening commerce for people to thrive ever since.


We're the payments provider for over 200,000 self-employed, and process over US$3 billion annually.


We have 350 team members globally, all with a bias for boldness and a passion for simple, progressive solutions. We believe in uniting different people to solve hard problems, together.


Our mission of making society more equal requires a variety of people, with different backgrounds and points of view, to keep building solutions that make life easier for emerging businesses.


We're growing fast. With growth comes compelling challenges. If you're an ambitious problem-solver, with big ideas, a passion for doing good, bright, grounded and courageous; you're likely to thrive at Yoco.


We don't stop pushing. We break things to rebuild. We challenge ourselves and each other. We're constantly evolving - and we're doing it fast.


Grow With Us.

###

About the

Security

team

The security team at Yoco sits within our rapidly growing Engineering function and is responsible for end-to-end security threat and risk identification, protection, detection, response and recovery of Yoco Technology Group.


Working closely with other engineering and product delivery teams you'd ensure that our external, internal systems, apps and APIs are continuously monitored and improved upon.


Being a first-line defensive function, you will ensure that threats across Yoco's external and internal threat landscape are detected, responded to and recovered from in a timely manner.


Similarly to the other teams which make up the function, one of the Security team's key goals is to enable and contribute to a solid foundation on which all our products and services can be built upon. The teams strive to not be blockers and provide as much autonomy as possible to the areas they support and work alongside.

###

About the role

The Intermediate SOC Engineer role is a technical position primarily tasked with improving and managing our security monitoring and incident response capabilities to continuously detect, respond and recover to any threats across Yoco's digital and physical assets. It is critical to the long-term success of Yoco in enabling people to make payments across our market segments in a secure manner. Our users trust us with their most sensitive information, and Yoco treats this responsibility with the highest priority.


A SOC Engineer will be responsible for the continuous monitoring and analysis of events across our systems, and recommending or developing solutions to address current and emerging threats. Importantly, this role will engage closely with teams within engineering and make recommendations on detection strategies, security tooling, operational controls, and improvements to our incident response processes.


Security concerns are ever-evolving, making this team an extremely dynamic environment to work in.

###

What you will be doing

Maintenance and improvement to Yoco's security detection and response procedures and processes You'll be assisting in the identification of threats for new and existing systems as the business continues to evolve Security monitoring and visibility of our external and internal facing applications Review and make recommendations on areas not limited to but including security incident response, security monitoring, continuous assurance and measurement of continuous improvement Work closely with third-party security and auditing firms and help monitor and improve security visibility across the rest of engineering Responsible for security detection, response and coordinate recovery across the Group Log management of security related events Perform product security reviews on existing and new features being built by Yoco Ensure identified security risks are remediated in line with internal SLA and industry best practice Assist with improving the overall information security posture of Yoco Technology Group
###

About you

At least 3 years of full-time information security experience within a blue team function Knowledge of how to detect offensive security techniques applicable to cloud based and remote environments Strong communication and teamwork skills, you should be able to guide others in the engineering organisation through security incidents, preserve evidence and effectively communicate next steps Strong knowledge of SIEM platforms (Splunk, QRadar, Logz.io, ELK stack, Lucerne QL, etc.) Hands-on experience in incident response & forensic investigation A keen interest in information security and an understanding of how cyber security related attack vectors can translate to monetary loss Willingness to learn fast and leverage automation to increase visibility and decrease the resolution time of security risks
###

The people we're looking for

We're looking for people who want to grow and have a thirst for learning. And as Yoco grows, we hope they stay with us for the long-term.


Building solutions for a more equal society is a daunting task - and it's not for everyone. We never stop pushing, we break things to rebuild, and we challenge ourselves and our teammates. We start over, we constantly evolve - and we do it fast. We know that it's just the right kind of meaningful madness for our kind of visionary human.


So, who are you? You're someone who resonates with our mission and our values, and you're relentlessly effective in your execution.


You're a curious problem-solver with a passion for doing good. You're bright, grounded, experimental and bold. You play open cards and get stuck in. You're not afraid of change. You close the loop.


At Yoco, we laugh, embrace each other's quirks, and support one another's growth, all while staying authentic.


If this sounds like your kind of challenge, apply below and come grow with us.

We encourage applicants from diverse backgrounds to apply and ask that you please send your application in English and help us reduce unconscious bias by leaving out your picture, age, address, and other unnecessary information in your CV.