Senior Application Security Engineer

4 semanas atrás


Passo Fundo, Brasil Rain Tempo inteiro

Overview

Join to apply for the Senior Application Security Engineer role at Rain . Rain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors. We are seeking a skilled and driven Senior Application Security Engineer to join Rain's growing Security team. This role emphasizes secure software development, cloud-native defense, and collaboration with engineering, Cloud Security, and GRC teams to improve application and platform security posture.

This position is technically grounded, requiring direct engagement in application-layer matters and security reviews, while contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC.

Responsibilities
  • Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.
  • Drivethe threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.
  • Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.
  • Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), using tools like Semgrep, Snyk, Trivy, and Burp Suite.
  • Contribute to runtime security initiatives, including container/Kubernetes hardening, RASP, and eBPF-based detection.
  • Build and maintain a security issues dashboard to track remediation status and metrics.
  • Provide real-time support during cybersecurity incidents affecting applications or cloud infrastructure.
  • Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring).
  • Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain's architecture.
  • Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (secure coding, API security).
  • Participate in continuous improvement of AppSec maturity (e.g., OWASP SAMM, ISO 27001, SOC 2).
Qualifications
  • Fluent English with strong verbal and written communication skills.
  • Strong problem-solving and analytical mindset; ability to convey security risks to both technical and non-technical stakeholders.
  • 3–5+ years of experience in application security, penetration testing roles, and/or secure code development; experience working with QA teams.
  • Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
  • Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
  • Proven expertise in code review or security assessments and clear reporting.
  • Proficiency in at least one backend language (e.g., Go, Python, Node.js) and familiarity with React/React Native front-ends.
  • Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
  • Experience securing CI/CD pipelines and integrating AppSec tooling into the SDLC.
  • Solid knowledge of containerization and Kubernetes security fundamentals.
  • Understanding of cloud security (preferably AWS), including IAM, cloud-native configurations, and network segmentation.
  • Comfortable with Agile development and cross-functional squads.
  • Software supply chain security experience (e.g., SBOM, artifact signing).
Preferred Qualifications
  • Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
  • AWS, GCP, or Azure Security Specialty certification.
  • Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
  • Experience implementing RASP or eBPF runtime protection tools.
  • Exposure to LLM/AI security considerations and secure code generation practices.
  • Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
Who We Are

Rain is a diverse team dedicated to our mission, with a commitment to Equal Employment Opportunity and non-discrimination based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, or any unlawful criterion under applicable laws. If you need assistance or accommodation due to a disability, you may contact us. Rain is committed to creating an inclusive environment for all employees.

referrals increase your chances of interviewing. Get notified about new Senior Application Security Engineer jobs in Passo Fundo, Rio Grande do Sul, Brazil.

#J-18808-Ljbffr

  • Passo Fundo, Brasil Ledn Tempo inteiro

    OverviewJoin to apply for the Staff Application Security Engineer role at LEDN . Ledn is a global financial services company built for digital assets, helping to improve the everyday lives of Bitcoin holders while building generational wealth for the future. Ledn offers egalitarian lending, savings and trading products to digital asset holders in over 150...

  • Security Engineer

    2 semanas atrás


    Passo Fundo, Brasil Ledn Tempo inteiro

    OverviewSecurity Engineer role at LEDN is a hands-on engineering position focused on application security, authentication/identity, and confidential computing. The role strengthens the security of our Bitcoin-backed loan platform and drives both tactical improvements and long-term strategy for securing applications and authentication systems. The team works...


  • Passo Fundo, Brasil Brick Abode Tempo inteiro

    Join to apply for the Senior/Mid Software Engineer role at Brick Abode . We are a software development company that serves clients from multiple countries around the world, with differing technological needs. We value a solid computer science base and give autonomy to work across topics. Our engineers are in touch with the business needs of our clients and...


  • Passo Fundo, Brasil Bebeeendpoint Tempo inteiro

    Lead a team of engineers to maintain and secure corporate devices globally.Focus on process automation, efficiency, and compliance across multiple frameworks.Key Responsibilities:Manage a teamOversee maintenance, patching, and compliance for Windows and macOS endpoints using NinjaOneDrive automation initiatives to reduce manual processesEnsure endpoints meet...


  • Passo Fundo, Brasil Bebeesoftwareengineer Tempo inteiro

    We are seeking a skilled Full Stack Software Engineer to join our team on a full-time remote basis.The ideal candidate will have 4+ years of experience in developing commercial-grade software.Key responsibilities include maintaining and enhancing an existing web application, designing and developing modern application components, taking technical ownership...

  • DevOps Engineer

    Há 4 dias


    Passo Fundo, RS, Brasil Flowmentum, Inc. Tempo inteiro

    We’re Flowmentum and our clients are fast-moving teams building reliable, scalable, and secure infrastructure for companies shaping the future of AI, fintech, cloud services, and beyond. Our engineers work on high-traffic, mission-critical systems that power millions of users across the globe. We believe in autonomy, ownership, and solving hard problems...


  • Passo Fundo, Brasil Bebeesoftware Tempo inteiro

    We are seeking a skilled Software Architect to design and develop innovative web applications across the entire technology stack.The ideal candidate will have expertise in full-stack software development with emphasis on back-end development, as well as experience with serverless APIs and services written with .NET/C# and user-facing software features using...


  • Passo Fundo, Brasil Bebeemobile Tempo inteiro

    About UsWe specialize in agile product and content development, captivating users with innovative solutions.Job OverviewWe are seeking a skilled professional to lead mobile application development using Kotlin Multiplatform (KMP) and Jetpack Compose.Develop high-quality mobile applications leveraging KMP for shared business logic and Compose for modern UI...

  • Senior MLOps

    2 semanas atrás


    Passo Fundo, Brasil Acendeo Tempo inteiro

    Description We’re seeking an experienced DevOps/LLMOps or MLOps/ LLMOps Engineer to design, deploy, and maintain the infrastructure supporting Large Language Model (LLM) platforms. This role blends DevOps best practices with AI/ML expertise, with a focus on building and scaling agentic AI systems that integrate directly with LLMs. You’ll drive...


  • Passo Fundo, Brasil Bebeearchitect Tempo inteiro

    Job OverviewThe role of a Senior Solution Architect involves creating architecture for each business service by integrating business, information, and technology.The individual collaborates with Service Management Leads, Business Analysts, and Enterprise Architects to understand the implications on solution architecture.This position is viewed as an expert...