Senior Application Security Engineer

November 6

Apply Now

Receive Emails with Similar Jobs

dLocal

WebsiteLinkedInAll Job Openings

Fintech • eCommerce

dLocal is a payment solutions platform that connects global merchants with consumers in emerging markets. The company offers a variety of services including payins, payouts, and real-time fraud management to enhance payment processes for businesses. As a Nasdaq-listed company, dLocal supports transactions in over 40 countries, enabling local payment methods and currencies for billions of emerging market consumers. dLocal’s platform simplifies cross-border payments, providing a comprehensive solution for eCommerce, shared economy, digital media, financial services, and more, with an emphasis on high-growth markets such as Africa, Asia, and Latin America.

201 - 500 employees

Founded 2016

💳 Fintech

🛍️ eCommerce

💰 $150M Venture Round on 2021-04

📋 Description

• Implement a software assurance model designed to address security defects early in the delivery pipeline • Perform security design reviews for new features and product releases • Perform code reviews and advise developers on remediation techniques • Design controls to detect and respond to common attacks on our platform • Tech talks in high technical level to engineers • Triage and respond to external inquiries around security vulnerabilities • Facilitate internal training on various security topics to raise awareness and interest

🎯 Requirements

• Strong proficiency in at least one programming language like Java, goLang, Python and/or NodeJS/TypeScript and also knowledge in any scripting languages • 5+ years of hands-on experience working with developers in building a software assurance model • Demonstrate the ability to manually fix/mitigate security flaws on web applications and APIs code-level • Experience designing secure web services, APIs and microservice architectures • Familiarity with threat modeling frameworks in cloud-base environments (OWASP, STRIDE, MITRE, etc) • Familiarity with OWASP verification guidelines (ASVS), OWASP Top 10s (web, API, LLM) and NIST special publications • Experience with application/development security tools, including but not limited to: Burp Suite, Qualys/WAS (Tenable or similar), Apiiro (Wiz, GHAS, or similar), Github (Gitlab, Bitbucket or similar), ECS/EKS, Github Actions, etc • Familiarity with the implementation and maintenance of SAST/DAST/IAST/SCA security sensors in a development pipeline • In-depth knowledge of OWASP10, SANS25 and other world-known application security frameworks • Understanding of a complete SDLC and how to make it secured (S-SDLC) • Familiarity with Cloud platforms (AWS preferably) • Ability to lead people to problem resolution when it comes to Security (Integrate teams, especially the Engineering Team) • Experience on how to secure LLMs and generative AI applications • Certified in any related security development certifications like CSSLP, CASE or others will be considered a plus • Exposure to PCI-DSS, ISO27001 and/or SOC2 framework or any other relevant security standard will be valued • Extensive knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale • Have had developed a personal or enterprise software/script with focus on security (exploitation of vulnerabilities, hardening automation, API integration for security

🏖️ Benefits

• Remote work: work from anywhere or one of our offices around the globe!* • Flexibility: we have flexible schedules and we are driven by performance. • Fintech industry: work in a dynamic and ever-evolving environment, with plenty to build and boost your creativity. • Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded. • Learning & development: get access to a Premium Coursera subscription. • Language classes: we provide free English, Spanish, or Portuguese classes. • Social budget: you'll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections! • dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We’ve got your back!