Senior Application Security Engineer

4 semanas atrás


Serra, Brasil Rain Tempo inteiro
Overview

Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We have raised nearly $400M in funding—including the largest Series A in fintech history—and recently closed our Series B to fuel our next stage of hypergrowth. We are seeking a skilled and driven Senior Application Security Engineer to join Rain's growing Security team. This role is technically grounded, requiring direct engagement in application-layer matters and security reviews, while also contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC.

You will partner closely with engineering and development squads, and work alongside our Cloud Security and GRC team members to improve Rain's application and platform security posture.

Responsibilities
  • Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
  • Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
  • Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
  • Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite.
  • Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
  • Build and maintain a security issues dashboard to track remediation status and metrics.
  • Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vulnerability, credential stuffing, web/API attacks).
  • Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring).
  • Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain's architecture.
  • Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security).
  • Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks).
Required Qualifications
  • Fluent English, including strong verbal and written skills.
  • Strong problem-solving and analytical mindset.
  • Excellent communication skills to convey security risks to technical and non-technical stakeholders.
  • 3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams.
  • Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
  • Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
  • Proven expertise in performing code reviews or security assessments and writing clear reports.
  • Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React/React Native front-ends.
  • Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
  • Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.
  • Solid knowledge of containerization and Kubernetes security fundamentals.
  • Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation.
  • Comfortable with Agile development methodologies and working within cross-functional squads.
  • Software supply chain security (e.g., SBOM, artifact signing).
Preferred Qualifications
  • Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
  • AWS, GCP, or Azure Security Specialty certification.
  • Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
  • Experience implementing RASP or eBPF runtime protection tools.
  • Exposure to LLM/AI security considerations and secure code generation practices.
  • Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
Who We Are

Rain is filled with people who are passionate about our mission, embrace diversity, and grow personally and professionally. We own what we do and let data guide our actions while working quickly and adapting to new challenges every day. Rain is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion under applicable laws. If you need assistance or accommodation due to a disability, you may contact us at ******.

#J-18808-Ljbffr

  • Serra, Brasil Rain Tempo inteiro

    Overview Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We have raised nearly $400M in funding—including the largest Series A in fintech history—and recently closed our Series B to fuel our next stage of hypergrowth. We are seeking a skilled and...

  • Security Engineer

    Há 6 dias


    Serra, Brasil LEDN Tempo inteiro

    Overview Ledn is a global financial services company built for digital assets. We are seeking a full-time Security Engineer with deep expertise in Application Security, Identity & Access Management, and Confidential Computing to strengthen the security of our Bitcoin-backed loan platform. Security is fundamental to protecting customers and the business, and...

  • Security Software Engineer

    1 semana atrás


    Serra, Brasil Canonical Tempo inteiro

    Join to apply for the Security Software Engineer role at Canonical1 day ago Be among the first 25 applicantsJoin to apply for the Security Software Engineer role at CanonicalCanonical is a leading provider of open source software and operating systems to the global enterprise and technology markets.Our platform, Ubuntu, is widely used in breakthrough...


  • Serra, Brasil Canonical Tempo inteiro

    Overview Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform, Ubuntu, is widely used in breakthrough enterprise initiatives such as public cloud, data science, AI, engineering innovation, and IoT. Canonical is building a team dedicated to providing security coverage...

  • Devops Engineer

    1 dia atrás


    Serra, Brasil Georgiatek Systems Inc. Tempo inteiro

    ?? We're Hiring – DevOps Engineer Location: [Insert Remote/Hybrid/Onsite – as applicable]Employment Type: Full-timeExperience: Senior-levelAbout the RoleWe are looking for an experienced DevOps Engineer to join our team and support large-scale cloud operations across multiple providers and SaaS solutions.This role involves supporting high-visibility...


  • Serra, Brasil Staffed Tempo inteiro

    Join to apply for the Full Stack Product Engineer Senior role at Staffed . We are looking for a Senior Fullstack Engineer with expertise in React (frontend) and Python (backend) to build scalable applications in multi-cloud or flexible architectures. Responsibilities Develop and maintain fullstack applications (React + Python). Implement data ingestion and...


  • Serra, Brasil Staffed Tempo inteiro

    Join to apply for the Data Engineer Senior role at Staffed . This job was posted 1 week ago. Be among the first 25 applicants. Get AI-powered advice on this job and access more exclusive features. Key Responsibilities Design, develop, and optimize data pipelines and ETL processes. Implement scalable big data solutions using AWS, Spark, Scala, Java, and...

  • Ubuntu Security Engineer

    1 semana atrás


    Serra, Brasil Canonical Tempo inteiro

    Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform, Ubuntu, is very widely used in breakthrough enterprise initiatives such as public cloud, data science, AI, engineering innovation, and IoT. The company is founder-led, profitable, and growing. Canonical is building a...

  • Senior AI/ML Engineer

    4 semanas atrás


    Serra, Brasil FullStack Labs Tempo inteiro

    Overview Senior AI/ML Engineer - Remote - Latin America at FullStack Labs Join our talent network to connect with U.S. clients for flexible, project-based development work as a Senior AI/ML Engineer. About FullStack FullStack is the most transparent IT talent network, connecting highly skilled individuals with top global companies and Silicon Valley...


  • Serra, Brasil Loadsmart Tempo inteiro

    Senior Software Engineer, Full Stack - Loadsmart Join to apply for the Senior Software Engineer, Full Stack role at Loadsmart . Loadsmart is a growth-stage technology company focused on logistics technology. We are a remote-first team with headquarters in Chicago. We seek professionals who embody our core values: curiosity, clarity, results, commitment,...