
Senior Application Security Engineer
Há 5 dias
Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We are seeking a skilled and driven Senior Application Security Engineer to join Rain's growing Security team. This role is technically grounded and requires direct engagement in application-layer matters and security reviews, while contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC. You will partner closely with engineering and development squads, and work alongside our Cloud Security and GRC teams to improve Rain's application and platform security posture.
Responsibilities- Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
- Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
- Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
- Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC) with tools like Semgrep, Snyk, Trivy, and Burp Suite.
- Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
- Build and maintain a security issues dashboard to track remediation status and metrics.
- Provide real-time support during cybersecurity incidents impacting applications or cloud infrastructure.
- Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring).
- Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain's architecture.
- Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security).
- Participate in continuous improvement of AppSec maturity (e.g., OWASP SAMM, ISO 27001, or SOC 2).
- Fluent English, with strong verbal and written skills.
- Strong problem-solving and analytical mindset.
- Excellent communication skills to convey security risks to technical and non-technical stakeholders.
- 3–5+ years of experience in application security, penetration testing, and/or secure code development, including work with QA teams.
- Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
- Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
- Proven expertise in performing code reviews or security assessments and writing clear reports.
- Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React/React Native front-ends.
- Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
- Experience securing CI/CD pipelines and integrating AppSec tooling into the SDLC.
- Solid knowledge of containerization and Kubernetes security fundamentals.
- Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation.
- Comfortable with Agile development methodologies and cross-functional squads.
- Software supply chain security (e.g., SBOM, artifact signing).
- Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
- AWS, GCP, or Azure Security Specialty certification.
- Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
- Experience implementing RASP or eBPF runtime protection tools.
- Exposure to LLM/AI security considerations and secure code generation practices.
- Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
Rain is filled with people who are passionate about our mission, embrace diversity, and grow personally and professionally. We own what we do and let data guide our actions while working quickly and adapting to new challenges every day. Rain is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion under applicable laws. If you need assistance or accommodation due to a disability, you may contact us at ******.
Seniority levelMid-Senior level
Employment typeFull-time
Job functionInformation Technology
Referrals increase your chances of interviewing at Rain by 2x.
Get notified about new Senior Application Security Engineer jobs in Salvador, Bahia, Brazil.
#J-18808-Ljbffr-
Senior Application Security Engineer
3 semanas atrás
Salvador, Bahia, Brasil Rain Tempo inteiroOverview Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We are seeking a skilled and driven Senior Application Security Engineer to join Rain's growing Security team. This role is technically grounded and requires direct engagement in application-layer...
-
Senior Application Security Engineer
2 semanas atrás
Salvador, Brasil Rain Tempo inteiroOverviewJoin to apply for the Senior Application Security Engineer role at Rain.Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus.We\'ve raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel...
-
Senior Offensive Security Analyst
3 semanas atrás
Salvador, Bahia, Brasil Conviso Application Security Tempo inteiroVis e3o geral Transforme o futuro da seguran e7a de aplica e7 f5es com a Conviso Nosso prop f3sito 6ita;empoderar pessoas desenvolvedoras para constru e7 f5es seguras, ajudando empresas a alcançar maior maturidade em desenvolvimento seguro, mitigar riscos e proteger o que importa: seus neg f3cios. Somos movidos pela inovac e3o, investindo em pesquisa e...
-
Information Security Engineer
Há 3 dias
San Salvador Barrio, Brasil WEX Tempo inteiro R$80.000 - R$160.000 por anoAbout The Team/RoleWe are the WEX Identity Protection Team, tasked with deploying and managing security IAM technologies and procedures across the enterprise. We work closely with internal teams and clients to ensure the company functions securely. Our team maintains a high standard and collaborates closely to foster robust, dependable, and efficient...
-
Application Support Engineer
2 semanas atrás
Salvador, Brasil HCLTech Tempo inteiroJob Summary: We are seeking a talented Application Support Engineer to join our team. This is an exciting opportunity for a motivated and skilled individual to provide technical and functional support for business-critical applications. Key Responsibilities: Provide level 2/3 support for applications including LIMS, EHS-INTELEX, DIMEP, MATICS, ST-One, and...
-
Senior Backend Engineer
2 semanas atrás
Salvador, Brasil Sphise Tempo inteiroSenior Backend Engineer (PHP/Laravel) Location: Brazil (Remote) Our trusted high-growth healthcare technology partner is seeking a talented Senior Backend Engineer (PHP/Laravel) to join their dynamic team. This innovative company is dedicated to revolutionizing the healthcare industry through cutting-edge technology solutions. Position Overview: As a...
-
Part-Time Security Engineer
Há 5 dias
Salvador, Brasil Fullstack Labs Tempo inteiroPart-time Security Engineer - Remote - Latin AmericaJoin to apply for the Part-time Security Engineer - Remote - Latin America role at FullStack LabsOverviewPart-time Security Engineer - Remote - Latin AmericaAbout FullStackFullStack is the most transparent IT talent network, connecting highly skilled individuals with top global companies and Silicon Valley...
-
Application Support Engineer
2 semanas atrás
Salvador, Brasil HCLTech Tempo inteiroThe Application Support Engineer will provide technical and functional support for a portfolio of business-critical applications, including maintenance, quality, EHS, production monitoring, IoT integration, and access control systems. The role requires troubleshooting, user support, system monitoring, and collaboration with vendors and internal teams to...
-
Senior Software Engineer
Há 13 horas
Salvador, Brasil Nearshore Business Solutions Tempo inteiroOverview Job Title: Senior Software Engineer Location: Remote – Latin America Preferred Type of Contract: Full-Time Salary Range: 3,500 - 4,500 USD/Month Language Requirements: English (professional proficiency) We are seeking a skilled Senior Software Engineer with expertise in TypeScript, Node.js, and React to join our growing team. You will play a...
-
Senior Network Engineer
3 semanas atrás
Salvador, Bahia, Brasil Acronis Tempo inteiroJoin to apply for the Senior Network Engineer role at Acronis 3 days ago Be among the first 25 applicants Join to apply for the Senior Network Engineer role at Acronis Get AI-powered advice on this job and more exclusive features. Direct message the job poster from Acronis Global TA @ Acronis | HR & Talent Strategy | Talent Coaching | Social Media...