Senior Application Security Engineer

3 semanas atrás


Porto Alegre, Rio Grande do Sul, Brasil Rain Tempo inteiro
Overview

Senior Application Security Engineer at Rain

Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We have raised nearly $400M in funding—including the largest Series A in fintech history—and recently closed our Series B to fuel our next stage of hypergrowth. This role is focused on secure software development, cloud-native defense, and collaboration with engineering, Cloud Security, and GRC teams to improve Rain's application and platform security posture.

The position is technically hands-on, engaging in application-layer security matters and reviews while contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC.

Key Responsibilities
  • Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
  • Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
  • Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
  • Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC) using tools like Semgrep, Snyk, Trivy, and Burp Suite.
  • Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
  • Build and maintain a security issues dashboard to track remediation status and metrics.
  • Provide real-time support in cybersecurity incidents impacting applications or cloud infrastructure.
  • Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediations, DLP monitoring).
  • Conduct proactive research on new threats and attack techniques relevant to Rain's architecture.
  • Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (secure coding, API security).
  • Participate in the continuous improvement of AppSec maturity (e.g., alignment with OWASP SAMM, ISO 27001, or SOC 2).
Required Qualifications
  • Fluent English with strong verbal and written skills.
  • Strong problem-solving and analytical mindset.
  • Excellent communication skills to convey security risks to technical and non-technical stakeholders.
  • 3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams.
  • Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
  • Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
  • Proven expertise in performing code reviews or security assessments and writing clear reports.
  • Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React/React Native front-ends.
  • Familiarity with secure architectures of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
  • Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.
  • Solid knowledge of containerization and Kubernetes security fundamentals.
  • Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation.
  • Comfortable with Agile development methodologies and cross-functional squads.
  • Software supply chain security (e.g., SBOM, artifact signing).
Preferred Qualifications
  • Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
  • AWS, GCP, or Azure Security Specialty certification.
  • Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
  • Experience implementing RASP or eBPF runtime protection tools.
  • Exposure to LLM/AI security considerations and secure code generation practices.
  • Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
Who We Are

Rain is a diverse, mission-driven team that owns what we do and uses data to guide actions while adapting to challenges. Rain is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion under applicable laws. If you need assistance or accommodation due to a disability, you may contact us at ******.

#J-18808-Ljbffr

  • Porto Alegre, Rio Grande do Sul, Brasil Varsity Tutors, a Nerdy Company Tempo inteiro

    Overview We are seeking an experienced Application Security Engineer to serve as a trusted partner to our software development teams. This role focuses on making our product secure by design—embedding security into how software is architected, written, deployed, and maintained. Unlike infrastructure security roles, this position centers on...


  • Porto Alegre, Rio Grande do Sul, Brasil Varsity Tutors LLC Tempo inteiro

    Overview We are seeking an experienced Application Security Engineer to serve as a trusted partner to our software development teams. This role focuses on making our product secure by design—embedding security into how software is architected, written, deployed, and maintained. Unlike infrastructure security roles, this position centers on...


  • Porto Alegre, Rio Grande do Sul, Brasil WEX Tempo inteiro

    Join to apply for the Information Security Engineer - IAM role at WEXJoin to apply for the Information Security Engineer - IAM role at WEXAbout The Team/RoleWe are the WEX Identity Protection Team, tasked with deploying and managing security IAM technologies and procedures across the enterprise. We work closely with internal teams and clients to ensure the...


  • Porto Alegre, Rio Grande do Sul, Brasil Canonical Tempo inteiro

    OverviewWe have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions. At the high end, we seek deep experience defending highly contested critical assets and high-value cyber targets against advanced persistent threats and state-level...


  • Porto Alegre, Rio Grande do Sul, Brasil Canonical Tempo inteiro

    Overview We have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions. At the high end, we seek deep experience defending highly contested critical assets and high-value cyber targets against advanced persistent threats and state-level...

  • Ubuntu Security Engineer

    4 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil Canonical Tempo inteiro

    Join or sign in to find your next job Join to apply for the Ubuntu Security Engineer role at Canonical 3 days ago Be among the first 25 applicants Join to apply for the Ubuntu Security Engineer role at Canonical Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform,...

  • Security Software Engineer

    4 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil Canonical Tempo inteiro

    Join or sign in to find your next job Join to apply for the Security Software Engineer role at Canonical 1 week ago Be among the first 25 applicants Join to apply for the Security Software Engineer role at Canonical Get AI-powered advice on this job and more exclusive features. Canonical is a leading provider of open source software and operating...

  • Security Engineer

    4 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil Varsity Tutors, a Nerdy Company Tempo inteiro

    Overview You are an AI-powered Security Engineer responsible for identifying and responding to malicious or suspicious activity across our environment with speed and confidence. This role leads the engineering work behind these capabilities—designing scalable systems to detect threats and trigger automated responses. You will integrate AI into detection...


  • Porto Alegre, Rio Grande do Sul, Brasil Canonical Tempo inteiro

    Overview Join to apply for the Staff Security Operations Engineer role at Canonical . We have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions; at the high end we are seeking deep experience defending highly contested critical...

  • Senior Software Engineer

    4 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil Azion Tempo inteiro

    Join to apply for the Senior Software Engineer (Go) role at Azion3 days ago Be among the first 25 applicantsJoin to apply for the Senior Software Engineer (Go) role at AzionAbout AzionWe are a global leader in the application and security industry. Our platform allows companies to operate with agility, reducing latency and increasing the reliability of their...