Senior Application Security Engineer

4 semanas atrás


Niterói, Brasil Rain Tempo inteiro

Join to apply for the Senior Application Security Engineer role at Rain

Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus. We've raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth.

Overview

We are seeking a skilled and driven Senior Application Security Engineer to join Rain's growing Security team. This role demands a proactive approach to secure software development and cloud-native defense. You will partner closely with engineering and development squads, and work alongside our Cloud Security and GRC team members to improve Rain's application and platform security posture. This position is technically grounded, requiring direct engagement in application-layer matters and security reviews, while also contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC.

Key Responsibilities
  • Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
  • Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
  • Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
  • Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite.
  • Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.
  • Build and maintain a security issues dashboard to track remediation status and metrics.
  • Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vulnerability, credential stuffing, web/API attacks).
  • Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring).
  • Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain's architecture.
  • Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security).
  • Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks).
Required Qualifications
  • Fluent English, including strong verbal and written skills.
  • Strong problem-solving and analytical mindset.
  • Excellent communication skills to convey security risks to technical and non-technical stakeholders.
  • 3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams.
  • Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
  • Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
  • Proven expertise in performing code reviews or security assessments and writing clear reports.
  • Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React/React Native front-ends.
  • Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
  • Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.
  • Solid knowledge of containerization and Kubernetes security fundamentals.
  • Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation.
  • Comfortable with Agile development methodologies and working within cross-functional squads.
  • Software supply chain security (e.g., SBOM, artifact signing).
Preferred Qualifications
  • Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
  • AWS, GCP, or Azure Security Specialty certification.
  • Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
  • Experience implementing RASP or eBPF runtime protection tools.
  • Exposure to LLM/AI security considerations and secure code generation practices.
  • Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
Who We Are

Rain is filled with people with a deeply rooted passion for our mission, who embrace diversity throughout our global team, and grow personally and professionally. We own what we do and let data guide our actions while working quickly and adapting to new challenges every day.

As part of our dedication to the diversity of our workforce, Rain is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion existing under applicable federal, state, or local laws. If you need assistance or accommodation due to a disability, you may contact us at ******.

#J-18808-Ljbffr
  • Security Engineer

    Há 4 dias


    Niterói, Brasil Ledn Tempo inteiro

    OverviewSecurity Engineers, Ledn is a global financial services company built for digital assets, helping to improve the everyday lives of Bitcoin holders while building generational wealth for the future. Ledn offers a suite of egalitarian lending, savings and trading products to digital asset holders in over 150 countries. The core values are act with...


  • Niterói, Brasil Brick Abode Tempo inteiro

    Join to apply for the Senior/Mid Software Engineer role at Brick Abode We are a software development company serving clients from multiple countries with diverse technological needs. We value a solid computer science foundation and give autonomy to explore across areas, not just one narrow focus. Our team is in Brazil and the USA, with most communication in...


  • Niterói, Brasil Bebeeautomation Tempo inteiro

    Job DescriptionWe are seeking a skilled IT professional to work on a 1+ year project in Brazil.Key Responsibilities:Design and implement efficient automation solutions.Ensure adherence to standards, policies, and procedures.Integrate systems using various protocols like REST, SOAP, MQ, TCP/IP, JSON, and others.Understand customer requirements and project...


  • Niterói, Brasil Bebeecompliance Tempo inteiro

    Job OpportunityWe are looking for a skilled professional to lead our SOC 2 Compliance Initiative.This role requires expertise in SaaS environments, compliance management platforms, and strong leadership skills.The successful candidate will oversee the client's SOC 2 compliance efforts, streamline evidence collection, ensure continuous monitoring, and support...


  • Niterói, Brasil Bebeeinfrastructure Tempo inteiro

    Cloud Infrastructure EngineerWe are seeking a skilled Cloud Infrastructure Engineer to support large-scale cloud operations across multiple providers and SaaS solutions.This role involves supporting high-visibility events (such as major live broadcasts and global digital launches) and contributing to the delivery of key product updates, infrastructure...


  • Niterói, Brasil Bebeebackend Tempo inteiro

    We are developing an innovative data collection pipeline on AWS, utilizing Go and Typescript.Our focus is on delivering high-quality, accessible solutions as we develop a one-stop lead generator platform.The customer-facing part of our solution is a web application built with Typescript and GraphQL, deployed on AWS.We employ a serverless paradigm, with most...


  • Niterói, Brasil Astra AI Tempo inteiro

    Job Location: San Francisco, CA, US (Remote) Job Type: Full-Time 1. About the Role We’re a fast-growing platform connecting Silicon Valley startups with remote tech professionals ready to step in where they’re needed most. Our technology helps engineers secure properly paid, innovative products—and helps startups build provide excellent products with...

  • Full Stack Engineer

    Há 2 dias


    Niterói, Brasil ValueLabs Tempo inteiro

    Role: Senior Full Stack Developer (Java Spring Boot | Ruby on Rails | Angular) Experience: 7+ years Work location: Heredia, Costa Rica & remote for LATAM English Required: B2+ - C1 Job Summary: We are seeking a highly skilled Senior Full Stack Developer with deep expertise in Java Spring Boot, Ruby on Rails, and Angular to lead complex application...

  • Solution Engineer Jr.

    2 semanas atrás


    Niterói, Brasil Iquall Networks Tempo inteiro

    Somos a Iquall Networks, uma empresa de software reconhecida globalmente, especializada na melhoria e transformação de redes de provedores de telecomunicações.O que estamos buscando?Procuramos umSolution Engineer Júnior, com foco emimplementação e suporte técnico de soluções de automação, baseado noRio de Janeiro, que trabalhará junto com...

  • Solution Engineer Jr.

    1 semana atrás


    Niterói, Brasil Iquall Networks Tempo inteiro

    Somos a Iquall Networks, uma empresa de software reconhecida globalmente, especializada na melhoria e transformação de redes de provedores de telecomunicações.O que estamos buscando?Procuramos um Solution Engineer Júnior, com foco em implementação e suporte técnico de soluções de automação, baseado no Rio de Janeiro, que trabalhará junto com um...