Cybersecurity Professional

Há 5 dias

Cajamar, Brasil beBeeApplication Tempo inteiro US$120.000 - US$150.000
Senior Application Security Engineer

We are seeking a seasoned professional to join our team as a Senior Application Security Engineer. In this role, you will partner closely with engineering and development squads to improve our application and platform security posture.

The ideal candidate will have a strong background in application security, penetration testing, and secure code development. You will be responsible for driving threat modeling sessions, designing and implementing automated processes for securely updating application and code dependencies, and integrating security checks into CI/CD pipelines.

You will also contribute to runtime security initiatives, build and maintain a security issues dashboard, and provide real-time support in the event of cybersecurity incidents. Additionally, you will partner with our Cloud Security team on security automation tasks and monitoring improvements.

Your expertise will be essential in conducting proactive research on new threats, vulnerabilities, and attack techniques relevant to our architecture. You will collaborate with our GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training.

This is an excellent opportunity to grow personally and professionally with our organization, which values diversity and inclusivity throughout our global team.

Required Qualifications
  • Fluent English skills, including strong verbal and written communication.
  • Strong problem-solving and analytical mindset.
  • Excellent communication skills to convey security risks to technical and non-technical stakeholders.
  • 3–5+ years of experience in application security, penetration testing roles, and/or secure code development.
  • Hands-on experience with SAST, DAST, and SCA tools.
  • Deep understanding of web, mobile, and API vulnerabilities.
  • Proven expertise in performing code review or security assessments and writing clear reports.
  • Proficiency in at least one backend language and understanding of React/React Native front-ends.
  • Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.
  • Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.
  • Solid knowledge of containerization and Kubernetes security fundamentals.
  • Understanding of cloud security, including IAM principles, cloud-native service configurations, and network segmentation.
  • Comfortable with Agile development methodologies and working within cross-functional squads.
Preferred Qualifications
  • Certifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.
  • AWS, GCP, or Azure Security Specialty certification.
  • Familiarity with bug bounty triage and vulnerability management platforms.
  • Experience implementing RASP or eBPF runtime protection tools.
  • Exposure to LLM/AI security considerations and secure code generation practices.
  • Familiarity with logging and monitoring tools.

Rain is filled with people who are passionate about our mission, who embrace diversity throughout our global team, and grow personally and professionally.