Security Analyst – MCP & Application

🔥 2 hours ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

OneSeven Tech (OST)

WebsiteLinkedInAll Job Openings

11 - 50 employees

🤝 B2B

🤖 Artificial Intelligence

☁️ SaaS

B2B • Artificial Intelligence • SaaS

OneSeven Tech (OST) is a digital product studio specializing in software design and engineering for startups, SMBs, and enterprises. With a team of global software and AI experts, OST has been in business for 7 years, successfully completing 88 projects for over 62 clients across various industries. The company focuses on providing services such as product strategy, web and mobile app development, and AI/ML integration. Known for its innovative solutions, OST has expanded its expertise from startups to large enterprises, including publicly traded companies. Their services cater to clients at every stage, from idea generation to growth and enterprise scaling. OST prides itself on a 4. 9 out of 5-star rating from clients for on-time delivery and high-fidelity designs, successfully meeting regulatory requirements in sectors like healthcare with HIPAA compliance.

📋 Description

• Own the security posture of the MCP infrastructure: define and implement JWT-based authentication, manage secrets, and establish controls for tool-use and agent interactions • Identify and remediate prompt injection risks, unauthorized tool invocations, and privilege escalation vectors in the agentic layer • Review and harden AWS infrastructure configurations: IAM policies, VPC rules, secrets exposure, logging and alerting • Work through the client's existing application security backlog — issues currently handled ad hoc by IT and senior devs that need a permanent, focused owner • Partner with the engineering team to review new integrations and MCP components before they ship, and establish a repeatable pre-ship security review process • Document security controls, threat models, and remediation history so the client team can operate independently over time

🎯 Requirements

• Hands-on application security engineering experience — not consulting or auditing only. • JWT token validation and API key management in production — scoped access patterns, token lifecycle, revocation logic • Authentication and authorization design: OAuth 2.0, API key management, scoped access patterns in production systems • Secrets management in cloud environments: AWS Secrets Manager, Vault, or equivalent — not just knowing they exist, but owning the implementation • Experience identifying and mitigating prompt injection, tool misuse, and trust boundary issues in AI/LLM systems — or a strong OWASP Top 10 foundation with demonstrated ability to apply it to new attack surfaces • Comfortable working as the sole security voice on a team — able to raise concerns diplomatically, hold the line technically, and prioritize a backlog without a security manager above you • Near-native English — daily async communication with a US-based client team and technical lead

🏖️ Benefits

• $4000 - $5500/month — paid in USD, bi-weekly via Deel • US Eastern Time hours (EST) — Monday to Friday, 9:00 AM–6:00 PM EST • Fully Remote — work from anywhere in Latin America • Long-term contract — starting with a 6-month contract, with potential to extend • Paid PTO — accrual begins after 3-month trial period • Referral Program — earn a bonus for referring talent that gets hired