
Senior Application Security Engineer
2 weeks ago
Overview
Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus.
We've raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth.
We are seeking a skilled and driven Senior Application Security Engineer to join Rain's growing Security team.
This role demands a proactive approach to secure software development and cloud-native defense.
You will partner closely with engineering and development squads, and work alongside our Cloud Security and GRC team members to improve Rain's application and platform security posture.
This position is technically grounded, requiring direct engagement in application-layer matters and security reviews, while also contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC.
Responsibilities
- Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
- Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
- Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
- Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite.
- Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
- Build and maintain a security issues dashboard to track remediation status and metrics.
- Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vulnerabilities, credential stuffing, web/API attacks).
- Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring, etc.).
- Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain's architecture.
- Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security).
- Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks).
- Fluent English, including strong verbal and written skills.
- Strong problem-solving and analytical mindset.
- Excellent communication skills to convey security risks to technical and non-technical stakeholders.
- 3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams.
- Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
- Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
- Proven expertise in performing code review or security assessments and writing clear reports.
- Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React/React Native front-ends.
- Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
- Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.
- Solid knowledge of containerization and Kubernetes security fundamentals.
- Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation.
- Comfortable with Agile development methodologies and working within cross-functional squads.
- Software supply chain security (e.g., SBOM, artifact signing).
- Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
- AWS, GCP, or Azure Security Specialty certification.
- Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
- Experience implementing RASP or eBPF runtime protection tools.
- Exposure to LLM/AI security considerations and secure code generation practices.
- Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
Rain is filled with people with a deeply rooted passion for our mission, who embrace diversity throughout our global team, and grow personally and professionally.
We own what we do and let data guide our actions while working quickly and adapting to new challenges every day.
As part of our dedication to the diversity of our workforce, Rain is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion existing under applicable federal, state, or local laws.
If you need assistance or accommodation due to a disability, you may contact us at ******.