Application Security Engineer

Há 2 dias


Rio de Janeiro, Rio de Janeiro, Brasil Varsity Tutors, a Nerdy Company Tempo inteiro

Join to apply for the Application Security Engineer role at Varsity Tutors, a Nerdy Company

Overview

We are seeking an experienced Application Security Engineer to serve as a trusted partner to our software development teams. This role focuses on making our product secure by design—embedding security into how software is architected, written, deployed, and maintained. Unlike infrastructure security roles, this position centers on application-layer and code-level security, working closely with developers to enable fast, confident delivery by providing meaningful, actionable security tooling and feedback. This includes leveraging modern AI-assisted techniques to accelerate vulnerability analysis, exploit chaining, and demonstration of actual risk. You will ensure engineering teams move faster—not slower—while minimizing noise. This role is part of the IT & Security team and prioritizes embedding guardrails into developer workflows rather than enforcement gates.

About Nerdy

At Nerdy (NYSE: NRDY) - the company behind Varsity Tutors - we're redrawing the blueprint of learning. Our Live + AI platform fuses real-time human expertise with proprietary generative-AI systems, setting a new bar for measurable academic impact at global scale. We recruit the kind of technologists and operators you'd bet on as solo founders - people who turn ambiguous problems into shipping code, iterate faster than markets move, and compound their advantage with every data point. In an era where great employees can deliver 10-times the leverage of the merely good, we back those who play to win.

Fortune favors the bold. Join us.

How we compete
  • AI-Native at every level From the CEO to day-one hires, everyone builds and ships with generative AI. If you're not wielding AI, you're not done.
  • Entrepreneurial velocity Move at founder speed, prototype in hours, and measure in real user outcomes. Slow teams die.
  • Free-market rigor Ideas rise or fall on merit and results - no committees, no politics, no cap on upside.
  • Full-stack ownership You design, build, and run what you ship; accountability is a feature, not a bug.
  • Reward for contribution Pay rises with impact, not years. Outstanding results earn outsized rewards. We evaluate both what you achieve and how you achieve it: living our leadership principles and using AI effectively are formally measured and rewarded.
  • Relentless exploration Push the frontier of generative AI in live learning and - because only the paranoid survive - questioning every legacy assumption along the way.
  • Is Apolitical You stay focused on mission-aligned outcomes, not distractions or unrelated causes.

If you're a technically minded builder who thrives on open competition, personal responsibility, and the chance to redefine how the world learns - while continually stretching the limits of what generative AI can do - come do the most ambitious and rewarding work of your career here. Learn more at nerdy.com.

Nerdy's shareholder letters

Nerdy's shareholder letters below explain our latest products and strategy:

  • Q2-2025 Shareholder Letter
  • Q1-2025 Shareholder Letter
  • Q4-2024 Shareholder Letter
Qualifications Required
  • Experience as an Application Security Engineer, Security Consultant, or Security-focused Software Engineer.
  • Strong understanding of secure coding practices and common vulnerability patterns.
  • Ability to apply common web application attack techniques and create proof-of-concept exploits to validate whether vulnerabilities are exploitable in our environment.
  • Proven ability to analyze exploit chains and demonstrate actual risk, leveraging AI to accelerate discovery and validation.
  • Hands-on experience integrating security tooling into CI/CD pipelines.
  • Familiarity with Ruby, Go, JavaScript/React, and related frameworks.
  • Deep familiarity with OWASP guidance, including the OWASP Top 10, ASVS, and Secure Coding Guidelines.
  • Partner with DevOps to embed application security into CI/CD pipeline design and practices.
  • Ability to assess and communicate application risk in architectural and business context.
  • Comfortable demonstrating real-world exploits to technical and non-technical stakeholders.
  • Excellent written and verbal communication skills in an async-first, remote environment.
Preferred
  • Experience leveraging and adapting open-source tools and frameworks for application security testing and validation.
  • Experience with API security testing and continuous monitoring, leveraging AI for fuzzing, intelligent input generation, and automated discovery.
  • Experience building or maintaining secure development training programs.
  • Security certifications (OSWE, OSCP, GIAC) are a plus but not required.
Responsibilities
  • Enable engineering teams to move quickly while embedding security into development workflows—security and speed go hand-in-hand.
  • Partner with engineering on secure use of AI services, evaluating controls such as AI gateways, prompt inspection, and policy enforcement.
  • Identify, prioritize, and implement security tooling in developer environments and CI/CD pipelines, with AI-assisted triage to reduce noise and highlight exploitable risks.
  • Collaborate with developers to identify vulnerabilities in code, APIs, and dependencies; improve secure coding awareness; and participate in design reviews and threat modeling.
  • Demonstrate practical exploit techniques to raise security awareness and drive remediation, including chaining multiple weaknesses across services to illustrate end-to-end risk.
  • Analyze vulnerabilities across code, dependencies, APIs, and logic, with AI-assisted techniques to identify and prioritize exploit chains.
  • Build or adapt automation scripts and tools for continuous security validation, using AI copilots to accelerate script generation and validation.
  • Provide coaching, documentation, and embedded training to help developers understand and apply security guidance within their workflows.
  • Continuously evaluate emerging AI and application security threats and detection techniques.
  • Lead incident response activities as part of the incident commander rotation.
  • Drive continuous improvement of incident response runbooks and playbooks.
The Bottom Line

If you're driven by impact, energized by ownership, and excited to help shape what's next, you'll thrive here. We move fast, think big, and reward those who deliver. This isn't a traditional corporate environment - it's a place to do the most meaningful work of your career.

Seniority level
  • Mid-Senior level
Employment type
  • Contract
Job function
  • Information Technology
Industries
  • Technology, Information and Internet

Referrals increase your chances of interviewing at Varsity Tutors, a Nerdy Company by 2x

Get notified about new Application Security Engineer jobs in Greater Rio de Janeiro .

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

  • Rio de Janeiro, Rio de Janeiro, Brasil Rain Tempo inteiro

    Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We've raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth.We are seeking a skilled and driven Senior...


  • Rio de Janeiro, Rio de Janeiro, Brasil RecargaPay Tempo inteiro

    Come Make an Impact on Millions of BraziliansAt RecargaPay, we're on a mission to deliver the best payment experience for Brazilian consumers and small businesses — by building a powerful digital ecosystem where the banked and unbanked connect, and where consumers and merchants have a one-stop shop for all their financial needs.We serve over 10 million...


  • Rio de Janeiro, Rio de Janeiro, Brasil VTRAC Consulting Corporation (WBE) Tempo inteiro

    VTRAC Consulting Corporation Intelligent SolutionsThank you for applying to VTRAC opportunities. Please e-mail your resume as an MS-WORD document in confidence Subject: URGENT - Application Engineer (Java, XML) (CONTRACT, Remote-Brazil), Attention: , (508) 905-6468.Position #: 251188Position: URGENT - Application Engineer (Java, XML) (CONTRACT,...


  • Rio de Janeiro, Rio de Janeiro, Brasil beBeeSecurity Tempo inteiro US$90.000 - US$105.000

    Secure Our ApplicationsAs a dedicated and experienced Senior Application Security Engineer, you will safeguard our applications from potential threats and vulnerabilities. You will work with a dynamic group of professionals supporting our global business across 5 continents.The primary goal is to develop and implement effective security measures to prevent...


  • Rio de Janeiro, Rio de Janeiro, Brasil InComm Payments Tempo inteiro

    OverviewWhen you think of InComm Payments, think of Innovative Payments Technology. We were founded over 30 years ago and continue to be a pioneer in the payment (FinTech) industry. Since our inception, we have grown to be a team of over 3,000 employees in 35 countries around the world. We own over 400 global technical patents and a network that includes...


  • Rio de Janeiro, Rio de Janeiro, Brasil VTRAC Consulting Corporation (WBE) Tempo inteiro

    VTRAC Consulting Corporation Intelligent SolutionsThank you for applying to VTRAC opportunities. Please e-mail your resume as an MS-WORD document in confidence. Subject: URGENT – FullStack Application Engineer (Angular, Java, UML) (Remote-Brazil), Attention: , .Position #: Position: URGENT – FullStack Application Engineer (Angular, Java, UML)...


  • Rio de Janeiro, Rio de Janeiro, Brasil VTRAC Consulting Corporation (WBE) Tempo inteiro

    VTRAC Consulting Corporation Intelligent SolutionsThank you for applying to VTRAC opportunities. Please e-mail your resume as an MS-WORD document in confidence. Subject: URGENT – FullStack Application Engineer (Angular, Java, UML) (Remote-Brazil), Attention: , (508) 905-6468.Position #: 251190Position: URGENT – FullStack Application Engineer (Angular,...


  • Rio de Janeiro, Rio de Janeiro, Brasil beBeeApplicationSecurityEngineer Tempo inteiro US$120.000 - US$150.000

    Job DescriptionWe are seeking a skilled and driven Senior Application Security Engineer to join our growing Security team. This role demands a proactive approach to secure software development and cloud-native defense.You will partner closely with engineering and development squads, and work alongside our Cloud Security and GRC team members to improve our...

  • DevOps Engineer ID38563

    3 semanas atrás


    Rio de Janeiro, Rio de Janeiro, Brasil AgileEngine Tempo inteiro

    Join to apply for the DevOps Engineer ID38563 ($3,000 signing bonus) role at AgileEngine3 weeks ago Be among the first 25 applicantsJoin to apply for the DevOps Engineer ID38563 ($3,000 signing bonus) role at AgileEngineGet AI-powered advice on this job and more exclusive features.AgileEngine is an Inc. 5000 company that creates award-winning software for...

  • DevOps Engineer ID38563

    2 semanas atrás


    Rio de Janeiro, Rio de Janeiro, Brasil AgileEngine Tempo inteiro

    Join to apply for the DevOps Engineer ID38563 ($3,000 signing bonus) role at AgileEngine 3 weeks ago Be among the first 25 applicants Join to apply for the DevOps Engineer ID38563 ($3,000 signing bonus) role at AgileEngine Get AI-powered advice on this job and more exclusive features. AgileEngine is an Inc. 5000 company that creates award-winning...