Remotery

Application Security Engineer

Posted 1 day ago

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Perform secure code evaluations for Go-based microservices, identifying vulnerabilities early in the development process.

• Execute security assessments of APIs, web applications, and backend services prior to their production release.

• Develop and refine secure coding standards, guidelines, and reusable patterns for engineering teams.

• Facilitate threat modeling sessions with engineering and product teams during the design phase of new features and services.

• Establish and uphold security checkpoints in CI/CD pipelines, including SAST, DAST, SCA, and secrets scanning, with blocking criteria for high-severity issues.

• Manage the DAST process comprehensively: selecting tools, scheduling, escalation workflows, and tracking remediation.

• Incorporate container image scanning and infrastructure-as-code (IaC) security checks into deployment workflows.

• Assist in hardening initiatives across Kubernetes, ingress, and workloads.

• Participate in the security observability program by defining and adjusting alerting rules for authentication anomalies and unusual API usage.

• Promote secure development practices across engineering teams by offering guidance, training, and hands-on support.

• Create and maintain security documentation, runbooks, and standards.

• Assess, prioritize, and monitor the remediation of security findings across the platform.

• Organize external penetration tests and collaborate with vendors on scope, debriefs, and remediation strategies.

• Collaborate with product and business teams to understand risk from a product viewpoint.

• Ensure that no high-severity findings remain unresolved for longer than 30 days.


⛳️ Requirements

• 3–5 years of experience in application security, product security, or a related field.

• Hands-on experience with SAST/DAST tools such as Snyk, Checkmarx, OWASP ZAP, Burp Suite, or equivalents.

• Strong understanding of OWASP Top 10 for web and APIs and real-world exploitability assessments.

• Experience in reviewing code written in Go or similar compiled languages.

• Familiarity with Kubernetes, containers, and cloud-native architectures.

• Excellent written and verbal communication skills, capable of clearly conveying security risks to both technical and non-technical stakeholders.

• Self-motivated and adept at working autonomously in a dynamic environment.

• Proficient in English, both written and spoken (required).

• Relevant certifications such as OSCP, OSWE, CEH, or eWPT.

• Experience with Istio or service mesh security.

• Knowledge of compliance frameworks like ISO 27001, GDPR, or SOC 2.

• Experience with threat modeling techniques (e.g., STRIDE, PASTA, or similar).

• Background in fintech or regulated sectors.


🏝️ Benefits

• Opportunity to join a high-impact, mission-driven fintech organization with a regional focus.

• Cross-functional collaboration with outstanding teams across Latin America.

• Equipment provided by R2.

• Professional development training budget.

• Opportunities for career advancement within R2.

People also viewed

Canary Technologies17 hours ago

Senior Application Security Engineer

AR flagArgentina OnlyFull-timeApplication Engineer
ApplyView job
Armstrong Fluid Technology17 hours ago

Application Engineering Specialist

CA flagCanada OnlyFull-timeApplication Engineer
ApplyView job
Convatec17 hours ago

Lead PLM Application Engineer

IN flagIndia OnlyFull-timeApplication Engineer
ApplyView job
Barry-Wehmiller17 hours ago

Applications Controls Engineer

GB flagUnited Kingdom OnlyFull-timeApplication Engineer
ApplyView job
GE Vernova17 hours ago

Senior P&C Engineer – Technical Application Engineering

CA flagCanada OnlyFull-timeApplication Engineer$132k – $182k/year
ApplyView job
SGS17 hours ago

Application Solution Engineer – Oracle Fusion ERP

ES flagSpain OnlyFull-timeApplication Engineer
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers