Senior Application Security Engineer
1 dia atrás
OverviewRain is the fastest-growing earned wage access (EWA) fintech in the U.S., serving 3.5 million employees and backed by top investors like QED and Prosus.
We\'ve raised nearly $400M in funding—including the largest Series A in fintech history—and just closed our Series B to fuel our next stage of hypergrowth.
We are seeking a skilled and driven Senior Application Security Engineer to join Rain\'s growing Security team.
This role demands a proactive approach to secure software development and cloud-native defense.
You will partner closely with engineering and development squads, and work alongside our Cloud Security and GRC team members to improve Rain\'s application and platform security posture.
This position is technically grounded, requiring direct engagement in application-layer matters and security reviews, while also contributing to cloud security automation, awareness initiatives, and secure engineering practices across the SDLC.Key ResponsibilitiesCollaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk.Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs.Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation.Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite.Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection.Build and maintain a security issues dashboard to track remediation status and metrics.Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vulnerability, credential stuffing, web/API attacks).
Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring, etc.).
Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to Rain\'s architecture.Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security).
Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks).
Required QualificationsFluent English, including strong verbal and written skills.Strong problem-solving and analytical mindset.Excellent communication skills to convey security risks to technical and non-technical stakeholders.3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams.Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk).
Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE).
Proven expertise in performing code review or security assessments and writing clear reports.Proficiency in at least one backend language (e.g., Go, Python, ) and understanding of React/React Native front-ends.Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect.Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC.Solid knowledge of containerization and Kubernetes security fundamentals.Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation.Comfortable with Agile development methodologies and working within cross-functional squads.Software supply chain security (e.g., SBOM, artifact signing).
Preferred QualificationsCertifications such as OSCP, OSWE, GWAPT, CPTE, or CSSLP.AWS, GCP, or Azure Security Specialty certification.Familiarity with bug bounty triage and vulnerability management platforms (e.g., DefectDojo).
Experience implementing RASP or eBPF runtime protection tools.Exposure to LLM/AI security considerations and secure code generation practices.Familiarity with logging and monitoring tools (e.g., CloudWatch, Datadog, Grafana).
Who We AreRain is filled with people with a deeply rooted passion for our mission, who embrace diversity throughout our global team, and grow personally and professionally.
We own what we do and let data guide our actions while working quickly and adapting to new challenges every day.As part of our dedication to the diversity of our workforce, Rain is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion existing under applicable federal, state, or local laws.
If you need assistance or accommodation due to a disability, you may contact us at ******.
LocationsItapema, Santa Catarina, Brazil; Tijucas, Santa Catarina, Brazil; Brusque, Santa Catarina, Brazil; Gaspar, Santa Catarina, Brazil (1 month ago postings).
Seniority levelMid-Senior levelEmployment typeFull-timeJob functionInformation Technology
#J-18808-Ljbffr
-
Advanced Cloud Security Specialist
Há 2 dias
Balneário Camboriú, Santa Catarina, Brasil beBeeCloudSecurity Tempo inteiro US$125.000 - US$175.000Job OverviewRain is a rapidly growing fintech company that offers earned wage access to its clients. We are seeking a skilled Advanced Cloud Security Specialist to join our team. This role involves working closely with engineers and developers to ensure the security of our software development lifecycle.Key ResponsibilitiesCollaborate with cross-functional...
-
Azure Devops Engineer
Há 3 dias
Balneário Camboriú, Santa Catarina, Brasil Decskill Tempo inteiroOverview Join to apply for the Azure Devops Engineer role at Decskill . Decskill was founded in 2014 as an IT Consulting Company and their main mission is to deliver value through knowledge. We enable companies to meet the challenges of the digital world by providing our clients with business models that ensure technological capacity, flexibility and...
-
Desenvolvedor Fullstack Sênior
2 semanas atrás
Balneário Camboriú, Santa Catarina, Brasil Videosoft Soluções Em Autoatendimento Tempo inteiroJoin to apply for the Desenvolvedor Fullstack Sênior role at Videosoft Soluções em AutoatendimentoA Videosoft atua em todos os processos que envolvem um projeto de sucesso.Desde a fabricação dos terminais, através da nossa fábrica própria, passando pelo desenvolvimento dos softwares/integrações e o monitoramento dos periféricos e aplicativos, até...
-
Desenvolvedor Fullstack Sênior
1 semana atrás
Balneário Camboriú, Santa Catarina, Brasil Videosoft Soluções em Autoatendimento Tempo inteiroJoin to apply for the Desenvolvedor Fullstack Sênior role at Videosoft Soluções em AutoatendimentoA Videosoft atua em todos os processos que envolvem um projeto de sucesso. Desde a fabricação dos terminais, através da nossa fábrica própria, passando pelo desenvolvimento dos softwares/integrações e o monitoramento dos periféricos e aplicativos,...
-
Desenvolvedor Fullstack Sênior
Há 5 dias
Balneário Camboriú, Santa Catarina, Brasil Videosoft Soluções em Autoatendimento Tempo inteiroJoin to apply for the Desenvolvedor Fullstack Sênior role at Videosoft Soluções em AutoatendimentoA Videosoft atua em todos os processos que envolvem um projeto de sucesso. Desde a fabricação dos terminais, através da nossa fábrica própria, passando pelo desenvolvimento dos softwares/integrações e o monitoramento dos periféricos e aplicativos,...
-
Especialista Em Devsecops
Há 2 dias
Balneário Camboriú, Santa Catarina, Brasil Grupo CPA Tempo inteiroOverview VAGA ESPECIALISTA DEVSECOPS II | Grupo Easy Local: Santo Amaro/SP - Híbrido Modalidade de Contratação: PJ ou Cooperado Tempo de Projeto: Indeterminado Descrição Do Cargo: Buscamos um(a) Analista Sênior DevSecOps com sólida experiência em práticas de desenvolvimento seguro, automação de segurança em pipelines CI/CD e integração de...
-
Banco de Talentos Videosoft
2 semanas atrás
Balneário Camboriú, Santa Catarina, Brasil Videosoft Soluções em Autoatendimento Tempo inteiroJoin to apply for the Banco de Talentos Videosoft role at Videosoft Soluções em Autoatendimento Não encontrou a oportunidade que estava procurando? Envie o seu currículo para o nosso banco de talentos. A Videosoft está crescendo e estamos sempre buscando profissionais interessados em participar dessa jornada conosco. Aqui, além de você ter a...
-
Engenheiro de Soluções Integradas
2 semanas atrás
Balneário Camboriú, Santa Catarina, Brasil beBeeDesenvolvimento Tempo inteiro R$80.000 - R$120.000Estamos em busca de um profissional talentoso para integrar nossa equipe como Desenvolvedor Fullstack Sênior. A missão da vaga é ser protagonista no desenvolvimento de soluções robustas, escaláveis e modernas, atuando com foco em performance, segurança e boas práticas de arquitetura. O ideal é alguém que combine autonomia técnica com...
-
Desenvolvedor fullstack sênior
2 semanas atrás
Balneário Camboriú, Santa Catarina, Brasil Netvagas Tempo inteiroA Videosoft atua em todos os processos que envolvem um projeto de sucesso. Desde a fabricação dos terminais, através da nossa fábrica própria, passando pelo desenvolvimento dos softwares/integrações e o monitoramento dos periféricos e aplicativos, até uma ampla rede de Assistências Técnicas distribuída por todo território Nacional. Com mais de...
-
Desenvolvedor fullstack sênior
Há 3 dias
Balneário Camboriú, Santa Catarina, Brasil Videosoft Tempo inteiroA Videosoft atua em todos os processos que envolvem um projeto de sucesso. Desde a fabricação dos terminais, através da nossa fábrica própria, passando pelo desenvolvimento dos softwares/integrações e o monitoramento dos periféricos e aplicativos, até uma ampla rede de Assistências Técnicas distribuída por todo território Nacional. Com mais de...
