Accountabilities:
- Conduct security reviews and threat modeling across product features and system designs, translating findings into clear, actionable recommendations for engineering teams.
- Take ownership of end-to-end security initiatives, from initial design and planning through implementation and rollout.
- Build and maintain internal security tooling and automation to streamline reviews, detection, and remediation workflows.
- Coordinate penetration testing activities and ensure timely tracking and resolution of identified vulnerabilities.
- Support compliance programs such as SOC2 and PCI, including evidence gathering, audit preparation, and remediation tracking.
- Contribute to the broader Application Security roadmap, including initiatives in cloud security, supply chain security, AI-related risks, and ASPM.
- Engage in proactive security research and incident investigation to continuously improve system resilience.
- Partner closely with Cloud, Infrastructure, and Engineering teams to embed security into daily development practices.
Requirements:
- Proven experience in product or application security, including conducting threat modeling and security reviews in production environments.
- Strong ability to read and write code, with a hands-on mindset for building security tools and automation rather than only reviewing findings.
- Solid understanding of risk evaluation, with the ability to balance real-world threats against theoretical vulnerabilities and communicate trade-offs clearly.
- Experience delivering security projects independently while aligning with broader technical direction and collaborating with senior engineers when needed.
- Strong communication skills, particularly in translating security concepts to non-security engineering teams.
- Familiarity with cloud, distributed systems, or modern software architectures is highly beneficial.
Nice to have:
- Exposure to or interest in compliance frameworks such as SOC2 or PCI DSS.
- Experience in fintech, payments, or other regulated, high-security domains.
- Interest in advanced security areas such as supply chain security, detection engineering, or AI-related security challenges.
Benefits:
- Fully remote-first work environment with global flexibility.
- Competitive share options as part of long-term alignment.
- Minimum 25 days of paid vacation, with uncapped holiday allowance.
- Access to co-working spaces worldwide.
- Workations and annual company retreats to support team connection.
- Top-tier equipment and home office support (including setup budget).
- Generous learning and development budget for courses, certifications, and training.
- Private medical insurance and additional location-based benefits.
- Flexible, distributed culture designed to support deep technical work and autonomy.
🇧🇷 Essa vaga exige inglês. Você está pronto?
A DevSpeak Academy prepara desenvolvedores brasileiros para conquistar vagas internacionais. Domine o inglês técnico com professores que entendem o mundo dev.
Conheça a DevSpeak AcademyCandidaturas encerradasVer outras vagas
