Senior Application Security Engineer Job Description:
The Global Enterprise Security Team is expanding in Brazil, and we are seeking a dedicated and experienced Senior Application Security Engineer to join our growing team.
You will work with a dynamic group of professionals dispersed across North and South America, supporting a global business that spans five continents.
Your primary role will be to safeguard our applications from potential threats and vulnerabilities by conducting thorough security assessments, implementing robust security measures, and ensuring compliance with industry standards.
Your strong analytical skills and deep understanding of modern security protocols and tools will be essential in identifying and mitigating risks early in the development lifecycle.
You will report to the Enterprise Application Security group, which works closely with software development and application ownership teams across various business units to help develop more secure applications and products.
This is a fully remote position, and you must reside in Brazil. Benefits include health and dental insurance, meal and restaurant vouchers, a fixed monthly stipend for internet and mobile expenses, and company-issued devices.
Responsibilities
* Integrate SAST tooling into CI/CD pipelines, ensuring compatibility and efficient scanning within development workflows.
* Provide tailored SAST integration support for development teams at varying maturity levels with diverse toolsets and security requirements.
* Analyze application logs for anomalous patterns, communicate findings to leadership, and persuade them to take appropriate action.
* Participate in on-call rotation in support of WAF incidents.
* Validate security vulnerabilities identified by automated tools and fine-tune configurations to minimize false positives and reduce noise.
* Develop threat models with development teams to help expose risks in their deliverables.
* Participate in application design and architectural reviews.
* Facilitate activities such as blue/red team events and bug bounty programs.
* Lead prioritization discussions to gain traction on important security issues.
* Act as a liaison with third parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation.
* Draft, evaluate, and monitor compliance with application and development security standards.
* Ensure development teams are validating against the OWASP Top 10 and following industry-leading application security practices.
Qualifications
* A minimum of 5 years of experience in application security.
* Strong background with CI/CD processes and associated tooling, such as Jenkins, GitHub Actions, Azure Pipelines, or similar.
* Strong scripting experience - PowerShell, Python, etc.
* Extensive experience with SAST & DAST application scanning tools and knowledge of OWASP methodologies.
* Application security experience with high-level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP).
* Experience with Container technologies - Docker, Docker Swarm, Kubernetes.
* Experience with Cloud Service Providers (Azure and/or AWS).
* Knowledge of Web Application Firewalls (WAF).
* Experience with performing web, API, and mobile manual penetration testing; preparing reports to document findings; and presenting the report to development teams.
* Familiarity with regulatory controls and industry best practices such as HIPAA, PCI DSS, HITRUST, NIST, etc.
* Communication skills to create documentation, videos and conduct training classes.
* Ability to manage multiple tasks simultaneously and meet established deadlines.
* Ability to collaborate with IT teams on security-related tasks and projects.
* Ability to work productively while remote and communicate effectively in a virtual team environment.
* Ability to stay current with new technology.
Education & Certifications
* Education: an Associate Degree, a Tecnólogo (Technologist) Degree, or higher is required.
* A CISSP certification is preferred but not required; the career development plan will include certifications after hire.