Senior Application Security Engineer

3 semanas atrás

Mogi das Cruzes, São Paulo, Brasil Rain Tempo inteiro
Overview

Senior Application Security Engineer role at Rain. This position focuses on secure software development, cloud-native defense, and improving Rain's application and platform security posture. You will partner with engineering squads and collaborate with Cloud Security and GRC teams to advance security in the SDLC.

Responsibilities
  • Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
  • Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
  • Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
  • Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), using tools such as Semgrep, Snyk, Trivy, and Burp Suite.
  • Contribute to runtime security initiatives (e.g., container/Kubernetes hardening, RASP, and eBPF-based detection).
  • Build and maintain a security issues dashboard to track remediation status and metrics.
  • Provide real-time support during cybersecurity incidents impacting applications or cloud infrastructure (exploited vulnerability, credential stuffing, web/API attacks).
  • Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub automations, DLP monitoring).
  • Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain's architecture.
  • Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security).
  • Participate in the continuous improvement of AppSec maturity (e.g., alignment with OWASP SAMM, ISO 27001, or SOC 2 frameworks).
Required Qualifications
  • Fluent English, including strong verbal and written skills.
  • Strong problem-solving and analytical mindset.
  • Excellent communication skills to convey security risks to technical and non-technical stakeholders.
  • 3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams.
  • Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
  • Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
  • Proven expertise in performing code reviews or security assessments and writing clear reports.
  • Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React/React Native front-ends.
  • Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
  • Experience securing CI/CD pipelines and integrating AppSec tooling into the SDLC.
  • Solid knowledge of containerization and Kubernetes security fundamentals.
  • Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation.
  • Comfortable with Agile development methodologies and cross-functional squads.
  • Software supply chain security (e.g., SBOM, artifact signing).
Preferred Qualifications
  • Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
  • AWS, GCP, or Azure Security Specialty certification.
  • Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
  • Experience implementing RASP or eBPF runtime protection tools.
  • Exposure to LLM/AI security considerations and secure code generation practices.
  • Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
Who We Are

Rain is a fast-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We have raised nearly $400M in funding—including the largest Series A in fintech history—and recently closed our Series B to accelerate growth. Rain is committed to Equal Employment Opportunity and does not discriminate on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion under applicable laws. If you need assistance or accommodation due to a disability, you may contact us at ******.

Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Information Technology
#J-18808-Ljbffr

  • Senior Application Security Engineer

    3 semanas atrás

    Mogi Guaçu, São Paulo, Brasil Rain Tempo inteiro

    Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We\u2019ve raised nearly $400M in funding 1he largest Series A in fintech history 1 and just closed our Series B to fuel our next stage of hypergrowth. We are seeking a skilled and driven Senior Application...

  • Azure Devops Engineer

    3 semanas atrás

    Mogi das Cruzes, São Paulo, Brasil Decskill Tempo inteiro

    Overview DECSKILL was founded in 2014 as an IT Consulting Company and their main mission is to deliver value through knowledge. We enable companies to meet the challenges of the digital world by providing our clients with business models that ensure technological capacity, flexibility and agility. We are more than 500 consultants with offices in Lisbon,...

  • Especialista de segurança da informação

    3 semanas atrás

    Mogi das Cruzes, São Paulo, Brasil SIMPAR Tempo inteiro

    Sólido conhecimento em protocolos de rede (TCP/IP, DNS, DHCP, HTTP/S, etc.). Experiência com configuração e segurança de equipamentos de rede: firewalls (Fortinet, Palo Alto, Cisco ASA), switches, roteadores e balanceadores. Conhecimento em redes locais (LAN), redes de longa distância (WAN), VPNs e redes sem fio seguras. Experiência com...

  • Senior Data Engineer

    Há 5 dias

    Mogi Guaçu, São Paulo, Brasil Sylvamo Tempo inteiro R$90.000 - R$120.000 por ano

    Venha desempenhar o seu melhor papel com uma equipe de profissionais que sempre fazem as coisas certas, do jeito certo e pelas razões certas. Pronto para se juntar à nossa equipe?Modelo de trabalho: HíbridoWHAT YOU WILL NEEDBachelor's or Master's degree in Data Engineering, Computer Science or a related technical field or Industrial, Electrical,...

  • especialista de segurança da informação

    Há 5 dias

    Mogi das Cruzes, São Paulo, Brasil Simpar Tempo inteiro R$80.000 - R$120.000 por ano

    Oi, somos a HOLDING SIMPAR Somos um Grupo com mais de 50 mil colaboradores sob a mesma Cultura, Valores e um Modelo de Gestão único, que produz resultados sustentáveis e alinhados às melhores práticas de ESG. Uma holding que empresaria 8 negócios com operações independentes e complementares nos segmentos de logística, mobilidade, saneamento,...

  • Supply Chain

    4 semanas atrás

    Mogi Guaçu, São Paulo, Brasil Sylvamo Corporation Tempo inteiro

    Supply Chain & Manufacturing Application Services - IT Business ConsultantJob DescriptionPosted Thursday, July 24, 2025 at 5:00 AM | Expires Thursday, August 7, 2025 at 4:59 AMAt Sylvamo, we're a team on a mission. Joining us, you'll be helping to sustain forests and renew ecosystems, while delivering on the promise of paper to educate, communicate and...

  • Senior Application Security Engineer

    3 semanas atrás

    Rio das Ostras, Brasil Rain Tempo inteiro

    Overview Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We have raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth. We are seeking a skilled and driven...

  • IT Compliance

    2 semanas atrás

    Mogi Guaçu, Brasil Sylvamo Corporation Tempo inteiro

    IT Compliance & Application Security ManagerJob DescriptionPosted Thursday, July 17, 2025 at 5:00 AM | Expires Wednesday, July 30, 2025 at 4:59 AM At Sylvamo, we’re a team on a mission. Joining us, you’ll be helping to sustain forests and renew ecosystems, while delivering on the promise of paper to educate, communicate and entertain the world. Come grow...

  • IT Compliance

    2 semanas atrás

    Mogi Guaçu, Brasil Sylvamo Corporation Tempo inteiro

    IT Compliance & Application Security Manager Job Description Posted Thursday, July 17, 2025 at 5:00 AM | Expires Wednesday, July 30, 2025 at 4:59 AM At Sylvamo, we’re a team on a mission. Joining us, you’ll be helping to sustain forests and renew ecosystems, while delivering on the promise of paper to educate, communicate and entertain the world. Come...

  • Senior React Engineer

    Há 6 dias

    Ribeirão das Neves, Brasil Sware Tempo inteiro

    Senior React EngineerWe are seeking a highly skilled Senior React Engineer to focus on building modern, scalable, and high-performance web applications. This role emphasizes frontend engineering with React, ensuring seamless user experiences, responsive design, and tight integration with backend APIs. You'll be expected to write clean, maintainable code,...

  • Senior data engineer

    Há 22 horas

    Mogi Guaçu, Brasil Netvagas Tempo inteiro

    Overview 2 days ago Be among the first 25 applicants Venha desempenhar o seu melhor papel com uma equipe de profissionais que sempre fazem as coisas certas, do jeito certo e pelas razões certas. Pronto para se juntar à nossa equipe? Modelo de trabalho: Híbrido What You Will Need Bachelors or Masters degree in Data Engineering, Computer Science or a...

  • Subchefe De Máquinas/ Second Engineer

    1 semana atrás

    Rio das Ostras, Brasil Fugro Tempo inteiro

    Job DescriptionExecutes planned maintenance or repairs to all systems, equipment, machinery etc..When standing watch or when in charge of other work the 2/E supervises, executes leadership, transfers knowledge or trains personnel assigned to that work.In charge of the engine room, associated and mission machinery spaces.Provides support in areas such as...

  • Especialista De Segurança Da Informação

    2 semanas atrás

    Mogi das Cruzes, Brasil Simpar Tempo inteiro

    Sólido conhecimento em protocolos de rede (TCP/IP, DNS, DHCP, HTTP/S, etc.).Experiência com configuração e segurança de equipamentos de rede: firewalls (Fortinet, Palo Alto, Cisco ASA), switches, roteadores e balanceadores.Conhecimento em redes locais (LAN), redes de longa distância (WAN), VPNs e redes sem fio seguras.Experiência com ferramentas de...

  • Subchefe De Máquinas/ Second Engineer

    Há 6 dias

    Rio das Ostras, Brasil Fugro Tempo inteiro

    Executes planned maintenance or repairs to all systems, equipment, machinery etc..When standing watch or when in charge of other work the 2/E supervises, executes leadership, transfers knowledge or trains personnel assigned to that work.In charge of the engine room, associated and mission machinery spaces.Provides support in areas such as production,...

  • Subchefe de Máquinas/ Second Engineer

    2 semanas atrás

    Rio das Ostras, Brasil Fugro Tempo inteiro R$90.000 - R$120.000 por ano

    Executes planned maintenance or repairs to all systems, equipment, machinery etc.. When standing watch or when in charge of other work the 2/E supervises, executes leadership, transfers knowledge or trains personnel assigned to that work. In charge of the engine room, associated and mission machinery spaces.Provides support in areas such as production,...

  • Experienced Recruiter For The Swedish It Industry

    2 semanas atrás

    Rio Das Ostras, Brasil Nexer Telescope Tempo inteiro

    OverviewExperienced Recruiter For The Swedish IT Industry – join Nexer Telescope to apply for this role. Sweden needs skilled engineers. About 30,000 of them by 2030, according to the Swedish Statistical Central Bureau. We have ~200 open positions for Software Engineers with our clients in Sweden. You will help us find engineers and inform them about the...