
Senior Security Engineer
Posted May 24

This is a fully remote position, open to applicants in Brazil.
• Take ownership of threat modeling for our core platform APIs, risk decisioning, event-ingestion systems, and agentic AI products; enhance multi-tenant isolation and data management throughout design processes and pull requests.
• Design, implement, and deploy authentication and authorization (both user and API), as well as RBAC across our platform: take charge of and propose innovative approaches as we expand.
• Establish our AppSec program from the ground up, incorporating SAST (Semgrep), SCA (Dependabot/Snyk), secret scanning, IaC scanning, and container scanning with Pulumi and EKS.
• Develop protective measures for LLM usage—prompt-injection defenses, output validation, and monitoring for costs and abuse for Bedrock/Anthropic/OpenAI calls.
• Lead the security incident management process, vulnerability assessment, and responsible disclosure workflow.
• Create a SECURITY.md, maintain a threat registry, and advocate for secure-by-default practices throughout the engineering organization.
• Collaborate with IT on shared responsibilities, including incident response for both corporate and product sectors, conducting access reviews, and gathering audit evidence.
• Work together with product and engineering teams on feature design, integrating security considerations early in the process rather than as an afterthought.
• Ensure alignment with current security standards and trends (OWASP, MITRE ATT&CK, and emerging guidance on LLM/agent security).
• Strong foundation in software engineering—over 5 years of software development experience, with a focus on application or product security for the last 3+ years, preferably in a fintech or data-intensive SaaS environment.
• Proficient hands-on skills in Java and/or Python code reviews—comfortable engaging in pull requests, not just generating reports.
• Familiarity with SSO, SAML, OAuth 2.0, JWT, mTLS, and JOSE; experience with multi-tenant authorization; knowledge of PII handling and tokenization.
• Working knowledge of AWS security features (IAM, KMS, Secrets Manager, VPC) and Kubernetes.
• 100% coverage of Medical/Dental (Care Plus) for you and your dependents.
• 100% Life/LTD (Prudential) coverage.
• Caju Card providing a monthly meal allowance.
• A remote-first culture.
• A family-friendly environment with regular team events and offsites.
• Exceptional opportunities for learning and professional development.
• Contribute to making the internet safer by protecting online transactions.