Home
Jobs
Saved
Resumes
Application Security Engineer at R2 Companies | JobVerse
JobVerse
Home
Jobs
Recruiters
Companies
Pricing
Blog
Jobs
/
Application Security Engineer
R2 Companies
Remote
Website
LinkedIn
Application Security Engineer
Brazil
Contract
2 hours ago
No Sponsorship
Apply Now
Key skills
Cloud
Kubernetes
Microservices
Go
Istio
Service Mesh
CI/CD
Communication
Collaboration
Snyk
Checkmarx
OWASP
About this role
Role Overview
Conduct secure code reviews for Go-based microservices and identify vulnerabilities early in the development cycle
Perform security testing of APIs, web applications, and backend services before they reach production
Establish and evolve secure coding standards, guardrails, and reusable patterns for engineering teams
Lead threat modeling sessions with engineering and product teams at the design phase of new features and services
Define and enforce security gates in CI/CD pipelines: SAST, DAST, SCA, and secrets scanning with blocking criteria for high-severity findings
Own the DAST process end-to-end: tool selection, scheduling, escalation workflows, and remediation tracking
Integrate container image scanning and infrastructure-as-code (IaC) security checks into deployment pipelines
Support hardening initiatives across Kubernetes, ingress, and workloads
Contribute to the security observability program by defining and tuning alerting rules for authentication anomalies and suspicious API usage
Drive the adoption of secure development across engineering teams by providing guidance, training, and hands-on support
Build and maintain security documentation, runbooks, and standards
Triage, prioritize, and track remediation of security findings across the platform
Coordinate external penetration tests and work with vendors on scope, debriefs, and remediation plans
Sit with product and business teams to understand risk from a product perspective
Ensure there are no open high-severity findings older than 30 days
Requirements
3–5 years of experience in application security, product security, or a similar role
Hands-on experience with SAST/DAST tools (Snyk, Checkmarx, OWASP ZAP, Burp Suite, or equivalent)
Solid knowledge of OWASP Top 10 for web and APIs and real-world exploitability assessment
Experience reviewing code in Go or similar compiled languages
Familiarity with Kubernetes, containers, and cloud-native architectures
Strong written and verbal communication, able to explain security risks clearly to both engineers and non-technical stakeholders
Self-driven and comfortable working with autonomy in a fast-paced environment
English proficiency — written and spoken (required)
Certifications such as OSCP, OSWE, CEH or eWPT
Experience with Istio or service mesh security
Familiarity with compliance frameworks such as ISO 27001, GDPR, or SOC 2
Threat modeling experience (STRIDE, PASTA, or similar)
Experience in fintech or regulated environments.
Tech Stack
Cloud
Kubernetes
Microservices
Go
Benefits
The chance to join a high-impact, mission-driven fintech with regional scale
Cross-functional collaboration with exceptional teams across Latin America
Equipment provided by R2
Training budget for professional development
Career growth within R2
Apply Now
Home
Jobs
Saved
Resumes