
Application Security Engineer
Posted 1 day ago

Posted 1 day ago
This is a fully remote position, open to applicants in Brazil.
• Perform secure code evaluations for Go-based microservices, identifying vulnerabilities early in the development process.
• Execute security assessments of APIs, web applications, and backend services prior to their production release.
• Develop and refine secure coding standards, guidelines, and reusable patterns for engineering teams.
• Facilitate threat modeling sessions with engineering and product teams during the design phase of new features and services.
• Establish and uphold security checkpoints in CI/CD pipelines, including SAST, DAST, SCA, and secrets scanning, with blocking criteria for high-severity issues.
• Manage the DAST process comprehensively: selecting tools, scheduling, escalation workflows, and tracking remediation.
• Incorporate container image scanning and infrastructure-as-code (IaC) security checks into deployment workflows.
• Assist in hardening initiatives across Kubernetes, ingress, and workloads.
• Participate in the security observability program by defining and adjusting alerting rules for authentication anomalies and unusual API usage.
• Promote secure development practices across engineering teams by offering guidance, training, and hands-on support.
• Create and maintain security documentation, runbooks, and standards.
• Assess, prioritize, and monitor the remediation of security findings across the platform.
• Organize external penetration tests and collaborate with vendors on scope, debriefs, and remediation strategies.
• Collaborate with product and business teams to understand risk from a product viewpoint.
• Ensure that no high-severity findings remain unresolved for longer than 30 days.
• 3–5 years of experience in application security, product security, or a related field.
• Hands-on experience with SAST/DAST tools such as Snyk, Checkmarx, OWASP ZAP, Burp Suite, or equivalents.
• Strong understanding of OWASP Top 10 for web and APIs and real-world exploitability assessments.
• Experience in reviewing code written in Go or similar compiled languages.
• Familiarity with Kubernetes, containers, and cloud-native architectures.
• Excellent written and verbal communication skills, capable of clearly conveying security risks to both technical and non-technical stakeholders.
• Self-motivated and adept at working autonomously in a dynamic environment.
• Proficient in English, both written and spoken (required).
• Relevant certifications such as OSCP, OSWE, CEH, or eWPT.
• Experience with Istio or service mesh security.
• Knowledge of compliance frameworks like ISO 27001, GDPR, or SOC 2.
• Experience with threat modeling techniques (e.g., STRIDE, PASTA, or similar).
• Background in fintech or regulated sectors.
• Opportunity to join a high-impact, mission-driven fintech organization with a regional focus.
• Cross-functional collaboration with outstanding teams across Latin America.
• Equipment provided by R2.
• Professional development training budget.
• Opportunities for career advancement within R2.
Canary Technologies
Armstrong Fluid Technology
Convatec
Barry-Wehmiller
Get handpicked remote jobs straight to your inbox weekly.