Senior Application Security Architect – AppSec

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Develop and execute security strategies for applications, including those that utilize LLMs and generative AI elements.

• Work collaboratively with development teams to embed security practices at the outset of the software development lifecycle.

• Perform architecture, code, and design assessments to detect potential vulnerabilities and security challenges.

• Establish guardrails and standards for LLM-based applications, addressing risks such as prompt injection, insecure output management, data leakage through outputs, excessive autonomy of agents, and cost-abuse (denial-of-wallet).

• Create guidelines for the secure utilization of AI-assisted development tools by engineering teams.

• Formulate and advocate for security standards and best practices throughout the development organization.

• Offer technical guidance and security training.

• Be knowledgeable about tools for automated quality validation in the CI/CD pipeline, including SAST, DAST, SCA, and Secret Scanning.

• Keep abreast of security threats and emerging attack techniques, continually updating protective measures.

• Generate innovative solutions to complex security challenges.

• Leverage your security expertise and intuition to identify threats in corporate and production environments.

• Proficient in reading and communicating in English.

⛳️ Requirements

• Bachelor's degree (completed or in progress) in Information Security, Computer Science, Information Systems, Software Engineering, or a related field.

• Capability to identify opportunities for enhancement, new solutions, and alerts that can improve or streamline operations.

• Employ influencing and negotiation skills to guide teams in resolving issues or adopting security-appropriate architectures.

• Clear, direct, and assertive communication style.

• Proactive in seeking or requesting information as necessary.

• Enthusiasm for learning in a dynamic environment.

• Understanding of common attack vectors.

• Experience in performing threat modeling.

• Familiarity with effective strategies to protect APIs and mobile applications.

• Knowledge of core cloud services and security principles (AWS, Azure, or GCP).

• Ability to collaborate within multidisciplinary teams using agile methodologies.

• Awareness of security risks in applications employing LLMs and generative AI, referencing standards such as OWASP Top 10 for LLM Applications and MITRE ATLAS.

🏝️ Benefits

• 🩺 Health and Dental Insurance

• 🏥 Green Virtual Hospital available 24/7 for quick and convenient care

• 🥗 Meal Voucher and/or Food Voucher

• 💻 Remote Work Allowance (exclusive to remote positions)

• 🕗 Flexible working hours

• ✏ Education Benefit - internal platform providing access to books, podcasts, trainings, and video lessons for self-development (Studa and StoneCo Library)

• 💪 Wellhub

• 💪 TotalPass

• 👶 Childcare Assistance

• 💰 Profit Sharing (PLR)

• 💚 Life Insurance

• 🚗 Transport Voucher (exclusive to on-site positions)