
Senior Application Security Engineer
Há 2 dias
Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We have raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth. We are seeking a skilled and driven Senior Application Security Engineer to join Rain's growing Security team. This role requires a proactive approach to secure software development and cloud-native defense. You will partner closely with engineering and development squads, and work alongside our Cloud Security and GRC team members to improve Rain\'s application and platform security posture. This position is technically grounded, requiring direct engagement in application-layer matters and security reviews, while also contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC.
Responsibilities- Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
- Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
- Design, implement, and oversee automated processes for securely updating application and code dependencies, mitigating issues, and ensuring timely vulnerability remediation.
- Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC) using tools like Semgrep, Snyk, Trivy, and Burp Suite.
- Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
- Build and maintain a security issues dashboard to track remediation status and metrics.
- Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure.
- Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediations, DLP monitoring).
- Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain\'s architecture.
- Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security).
- Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks).
- Fluent English with strong verbal and written skills.
- Strong problem-solving and analytical mindset.
- Excellent communication skills to convey security risks to technical and non-technical stakeholders.
- 3–5+ years of experience in application security, penetration testing, and/or secure code development, including work with QA teams.
- Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
- Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
- Proven experience in code review or security assessments and clear reporting.
- Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React/React Native front-ends.
- Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
- Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.
- Solid knowledge of containerization and Kubernetes security fundamentals.
- Understanding of cloud security (preferably AWS), including IAM, cloud-native service configurations, and network segmentation.
- Comfortable with Agile development and cross-functional squads.
- Software supply chain security experience (e.g., SBOM, artifact signing).
- Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
- AWS, GCP, or Azure Security Specialty certification.
- Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
- Experience implementing RASP or eBPF runtime protection tools.
- Exposure to LLM/AI security considerations and secure code generation practices.
- Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
- Seniority level: Mid-Senior level
- Employment type: Full-time
- Job function: Information Technology
Rain is filled with people who are deeply passionate about our mission, embracing diversity across our global team and growing personally and professionally. We own what we do and let data guide our actions while working quickly and adapting to new challenges every day.
Rain is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion under applicable laws. If you need assistance or accommodation due to a disability, you may contact us at ******.
#J-18808-Ljbffr-
Senior Application Security Engineer
Há 2 dias
Praia Grande, Brasil Rain Tempo inteiroOverview Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We have raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth. We are seeking a skilled and driven...
-
Senior Application Security Engineer
2 semanas atrás
Campina Grande, Brasil Rain Tempo inteiroOverviewJoin to apply for the Senior Application Security Engineer role at Rain . Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We\'ve raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B...
-
Senior Application Security Engineer
3 semanas atrás
Rio Grande do Sul, Brasil Rain Tempo inteiroOverview Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We have raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth. We are seeking a skilled and driven...
-
Senior Security Operations Engineer
3 semanas atrás
Campo Grande, Brasil Canonical Tempo inteiroJoin or sign in to find your next job Join to apply for the Senior Security Operations Engineer role at Canonical Continue with Google Continue with Google 3 months ago Be among the first 25 applicants Join to apply for the Senior Security Operations Engineer role at Canonical Get AI-powered advice on this job and more exclusive features. We have opened...
-
Linux Cryptography and Security Engineer
3 semanas atrás
Campo Grande, Brasil Canonical Tempo inteiroLinux Cryptography and Security Engineer Join or sign in to find your next job Join to apply for the Linux Cryptography and Security Engineer role at Canonical Linux Cryptography and Security Engineer 3 days ago Be among the first 25 applicants Join to apply for the Linux Cryptography and Security Engineer role at Canonical Get AI-powered advice on this...
-
Lead Devops Engineer
2 semanas atrás
Praia Grande, Brasil Concord Tempo inteiroLead DevOps EngineerEmployment type: 12-month contract with possibility of renewal depending on business needs and personal performance.Pay in USD.Location: Remote in Latin America.Preferred locations include Peru, Mexico, Brazil, Chile, Bolivia, Ecuador, or Colombia.Timezone: Must be able to work on US time zone.About UsConcord isn't your typical consulting...
-
Senior Backend Engineer
3 semanas atrás
Campo Grande, Mato Grosso do Sul, Brasil buscojobs Brasil Tempo inteiroOverviewOur trusted high-growth healthcare technology partner is seeking a talented Senior Backend Engineer (PHP/Laravel) to join their dynamic team. This innovative company is dedicated to revolutionizing the healthcare industry through cutting-edge technology solutions. Position OverviewAs a Senior Backend Engineer, you will play a key role in the...
-
Senior Backend Engineer
2 semanas atrás
Campo Grande, Brasil buscojobs Brasil Tempo inteiroOverviewOur trusted high-growth healthcare technology partner is seeking a talented Senior Backend Engineer (PHP/Laravel) to join their dynamic team. This innovative company is dedicated to revolutionizing the healthcare industry through cutting-edge technology solutions. Position OverviewAs a Senior Backend Engineer, you will play a key role in the...
-
Senior Devops Engineer
Há 4 dias
Campo Grande, Brasil Workana Tempo inteiroBase pay range$50,000.00/yr - $60,000.00/yrWorkana is the largest remote work platform for talents in Latin America.Our new segment, Workana Premium, focuses on matching the most exceptional professionals with leading and innovative companies around the globe.Enjoy competitive compensation, dedicated support, and the flexibility of remote work within a...
-
Cloud Security Architect
Há 2 dias
Campo Grande, Brasil 4DF Connect Tempo inteiroOverview The Cloud Security Architect will be responsible for assessing and enhancing the security posture of client cloud environments, identifying vulnerabilities, and recommending remediation strategies. This role requires a strong focus on both technical security controls and process governance to ensure resilient, compliant, and secure cloud...