Job Description
We are looking for a Security Engineer based in Latin America to work on a long-term project for one of our clients, one of the 100 fastest-growing tech companies in North America.
Our client transforms how audit, risk, and compliance professionals manage today’s dynamic risk landscape with a modern, connected platform that engages the front lines, surfaces the risks that matter, and drives better strategic decision-making.
The person in this role will serve as a security liaison to the engineering team, supporting the implementation of security best practices across every layer of the SDLC. This role will primarily focus on threat modeling, secure design reviews, and the triage and prioritization of application security vulnerabilities identified by the InfoSec team. The person in this role will also play a key part in the continued development and evolution of secure SDLC practices.
Responsibilities
- Collaborate with product and engineering teams to implement security best practices throughout the software design and development lifecycle.
- Work across technologies including JavaScript, Node.js, Ember, Python, Go, Docker, PostgreSQL, and Kubernetes.
- Create application threat models, perform secure code reviews, and promote secure coding practices in partnership with the InfoSec team.
- Support the adoption and implementation of Secure SDLC solutions and practices, including SAST, DAST, SCA, IAST, and application runtime security tools.
- Provide subject matter expertise and training on encryption, authentication, key security controls, and secure software development practices.
- Validate, triage, and drive remediation efforts for vulnerabilities identified through internal testing, third-party penetration tests, and bug bounty programs.
- Guide the implementation, configuration, and operation of application-layer security controls, including Web Application Firewalls (WAF) and DDoS mitigation solutions.
- Support security compliance initiatives and related audit activities as required.
- Assist with the investigation and response to security incidents and web application attacks when necessary.
Requirements
- Advanced level of English.
- 5+ years of experience developing or securing web-based applications.
- Experience with modern JavaScript technologies, including Node.js, ES6, and TypeScript, as well as front-end frameworks such as Ember, Angular, React, or Vue.
- Experience leading threat modeling and secure design reviews.
- Experience with application security assessment tools, including SCA, SAST, and DAST solutions such as Qualys, SonarCloud, Prisma, or similar platforms.
- Experience working with Docker and Kubernetes.
- Strong understanding of system architecture, scalability, and application performance considerations.
- Ability to communicate technical decisions effectively through design documentation, technical presentations, and knowledge-sharing initiatives.
- Experience participating in design review processes and providing constructive technical feedback.
- Experience mentoring and providing technical guidance to junior and mid-level engineers.
- Strong organizational, time management, and collaboration skills, with a proactive and detail-oriented approach to problem-solving and cross-functional teamwork.
- Ability to participate in an on-call rotation.
Bonus Points
- Bachelor’s Degree in Computer Science, Systems Engineering or related fields.
- Experience building and maintaining internal tooling and orchestration solutions using Python and other scripting languages.
- Experience identifying and remediating security vulnerabilities in JavaScript and TypeScript applications.
- Experience leveraging, building, and securing AI-powered coding assistants, agents, and product solutions.
- Experience building and securing CI/CD pipelines, implementing software supply chain security best practices, and integrating application security solutions such as static code analysis tools and Web Application Firewalls (WAF).
- Experience coordinating bug bounty programs and third-party penetration testing engagements.
4tech