Remote Application Security Engineer

Description:

• dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets.
• Global brands rely on dLocal to increase conversion rates and simplify payment expansion effortlessly.
• The company operates as both a payments processor and a merchant of record in the markets where it operates.
• The role involves implementing a software assurance model designed to address security defects early in the delivery pipeline.
• The engineer will perform security design reviews for new features and product releases.
• Responsibilities include performing code reviews and advising developers on remediation techniques.
• The position requires designing controls to detect and respond to common attacks on the platform.
• The engineer will triage and respond to external inquiries regarding security vulnerabilities.
• Facilitating internal training on various security topics to raise awareness and interest is also part of the role.

Requirements:

• Strong proficiency in at least one programming language like Java and/or NodeJS, along with knowledge of any scripting languages.
• Hands-on experience working with developers in building a software assurance model is required.
• The candidate must demonstrate the ability to manually fix/mitigate security flaws on web applications and APIs at the code level.
• Experience in designing secure web services, APIs, and microservice architectures is necessary.
• Familiarity with threat modeling frameworks in cloud-based environments such as OWASP, STRIDE, and MITRE is expected.
• Experience with application/development security tools, including but not limited to Burp Suite, Qualys/WAS, Checkmarx, Bitbucket, Jenkins, and Docker, is required.
• Familiarity with the implementation and maintenance of SAST/DAST/IAST/SCA security sensors in a development pipeline is needed.
• In-depth knowledge of OWASP10, SANS25, and other well-known application security frameworks is essential.
• Understanding of a complete Software Development Life Cycle (SDLC) and how to secure it (S-SDLC) is required.
• Familiarity with cloud platforms such as AWS or equivalent is necessary.
• The ability to lead teams to problem resolution regarding security, particularly integrating with the Engineering Team, is important.
• Effective written and oral communication skills involving both business and technical aspects are required.
• The candidate must be able to quickly identify issues and solve them.
• The ability to present technical risks to a broader audience, both in written and spoken formats, is necessary.

Benefits:

• dLocal offers a flexible, remote-first dynamic culture with travel, health, and learning benefits.
• Employees will be part of an amazing global team that impacts millions of people's daily lives.
• The company promotes a culture of building and facing challenges head-on.
• Team members will have the opportunity to develop an international career with colleagues from 25+ different nationalities.