Senior Application Security Engineer

3 semanas atrás


Teresina, Brasil Rain Tempo inteiro

Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We\'ve raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth.

We are seeking a skilled and driven Senior Application Security Engineer to join Rain\'s growing Security team. This role demands a proactive approach to secure software development and cloud-native defense. You will partner closely with engineering and development squads, and work alongside our Cloud Security and GRC team members to improve Rain\'s application and platform security posture. This position is technically grounded, requiring direct engagement in application-layer matters and security reviews, while also contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC.

Key Responsibilities
  • Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
  • Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
  • Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
  • Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite.
  • Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
  • Build and maintain a security issues dashboard to track remediation status and metrics.
  • Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vuln, credential stuffing, web/API attacks).
  • Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring).
  • Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain\'s architecture.
  • Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security).
  • Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks).
Required Qualifications
  • Fluent English, including strong verbal and written skills.
  • Strong problem-solving and analytical mindset.
  • Excellent communication skills to convey security risks to technical and non-technical stakeholders.
  • 3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams.
  • Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
  • Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
  • Proven expertise in performing code review or security assessments and writing clear reports.
  • Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React/React Native front-ends.
  • Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
  • Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.
  • Solid knowledge of containerization and Kubernetes security fundamentals.
  • Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation.
  • Comfortable with Agile development methodologies and working within cross-functional squads.
  • Software supply chain security (e.g., SBOM, artifact signing).
Preferred Qualifications
  • Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
  • AWS, GCP, or Azure Security Specialty certification.
  • Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
  • Experience implementing RASP or eBPF runtime protection tools.
  • Exposure to LLM/AI security considerations and secure code generation practices.
  • Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
Who We Are

Rain is filled with people with a deeply rooted passion for our mission, who embrace diversity throughout our global team, and grow personally and professionally. We own what we do and let data guide our actions while working quickly and adapting to new challenges every day.

As part of our dedication to the diversity of our workforce, Rain is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion existing under applicable federal, state, or local laws. If you need assistance or accommodation due to a disability, you may contact us at ******.

#J-18808-Ljbffr

  • Teresina, Piauí, Brasil Rain Tempo inteiro

    Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We\'ve raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth. We are seeking a skilled and driven Senior...

  • Security Engineer

    Há 19 horas


    Teresina, Brasil Canonical Tempo inteiro

    Join or sign in to find your next jobJoin to apply for the Security Engineer - Ubuntu role at Canonical1 day ago Be among the first 25 applicantsJoin to apply for the Security Engineer - Ubuntu role at CanonicalCanonical is a leading provider of open source software and operating systems to the global enterprise and technology markets.Our platform, Ubuntu,...

  • Senior Security Engineer

    2 semanas atrás


    Teresina, Brasil Wizdaa Tempo inteiro

    Let’s be direct: We’re looking for a technical powerhouse. If you’re the developer who: Is the clear technical leader on your team Consistently solves problems others can’t crack Ships complex features in half the time it takes others Writes code so clean it could be published as a tutorial Takes pride in elevating the entire codebase Then we want...

  • Lead AI Engineer

    3 semanas atrás


    Teresina, Piauí, Brasil AI Engineer Brasil Tempo inteiro

    Overview Lead AI Engineer role at AI Engineer Brasil. Sierra Studio is a product development company focused on AI. We're based in Los Angeles, with teammates worldwide, building products across software, including AI and large language models. About The Role As a Lead AI Engineer, you'll lead engineering for one or more AI initiatives at Sierra. You'll...


  • Teresina, Brasil buscojobs Brasil Tempo inteiro

    Senior Site Reliability Engineer (SRE) Location : Remote (LATAM). Must be able to work US time zones. Level: Senior. 5+ years of experience. Type of Employment : Long-term contract, hourly in USD. About Us Concord isn't your typical consulting firm; we're an execution-focused company passionate about delivering results. Our mission is to help clients...

  • Senior Software Engineer

    2 semanas atrás


    Teresina, Brasil Alloy Automation Tempo inteiro

    Overview Alloy Automation (YC W20) is the connectivity layer for companies building AI Agents. With our platform, companies can power their agents and products with 400+ ready-to-use connectors in minutes, not months. Our engineering team’s goal is to deliver an incredible experience for our customers and users, trusted by global leaders including Amazon,...

  • Senior Network Engineer

    3 semanas atrás


    Teresina, Brasil People Centro Tempo inteiro

    Get AI-powered advice on this job and more exclusive features. Job Title: Senior Network Engineer (Remote – U.S. Business Hours) Project Summary: We’re partnering with a major brand on a large-scale network deployment involving approximately 500 sites, running through the end of 2025. We’re seeking skilled and independent Senior Network Engineers to...


  • Teresina, Brasil Chainlink Labs Tempo inteiro

    Overview Senior Smart Contract Engineer, Solidity – Join to apply for the Senior Smart Contract Engineer, Solidity role at Chainlink Labs . About Chainlink Labs Chainlink Labs is one of the primary contributing developers of Chainlink, the industry-standard oracle platform bringing the capital markets onchain and powering the majority of decentralized...


  • Teresina, Brasil WatchGuard Technologies, Inc. Tempo inteiro

    Overview We are seeking a passionate senior software engineer to develop solutions for our mission critical services supporting WatchGuard’s firewall and security products. You will be responsible for updating systems already in operation as well as develop brand new applications. As a senior developer, you’ll help define responsibilities for the rest of...


  • Teresina, Brasil buscojobs Brasil Tempo inteiro

    Overview Você quer fazer parte de uma empresa com propósito? VemSerNumen Estamos com oportunidade para: Consultor SAP Basis Security Sênior Requisitos Experiência em projetos greenfield onde será necessário o desenho da melhor estratégia de security para o cliente Experiência em auditorias Análise de SOD e mitigação de risco Definição...