Embed security into the software development lifecycle, build and automate secure CI/CD pipelines, and drive vulnerability management. The role calls for hands-on experience with security scanning tools, scripting languages, and cloud-native technologies, along with a strong understanding of web application vulnerabilities and secure architecture principles.
Job Description
Open to all Latam - 100% Remote
Long term
English B2 - C1
This is a full-time contractor engagement on a dedicated, exclusive basis for a single client. The selected contractor will not take on additional clients or projects during the term of the engagement.
You will be responsible for embedding security into every stage of our software development lifecycle (SDLC). This is a hands-on role for a builder who is passionate about shifting security left and empowering developers to ship secure code, quickly and confidently. You will be instrumental in maturing our DevSecOps practices, building out our security automation, and ensuring our platform meets the stringent security and compliance requirements of the fintech landscape, including our goals for SOC 2 Type I readiness.
Responsibilities
Build and Automate Secure CI/CD Pipelines: Design, implement, and maintain security controls within our GitHub Actions CI/CD pipelines. You will be hands-on with tools for Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure-as-Code (IaC) scanning, and secret detection.
Drive Vulnerability Management: Take ownership of our vulnerability management program using platforms like DefectDojo. You will work closely with engineering teams to triage findings, prioritize remediation efforts, and reduce our overall risk profile.
Champion Secure Development: Act as a security subject matter expert for our product engineering teams. You will conduct security architecture reviews, perform threat modeling for new features, and promote secure coding best practices across our Python-based services.
Coordinate Security Assessments: Manage and support internal and external penetration testing engagements, track findings, and drive remediation efforts with the relevant teams.
Develop Security Standards: Help define and document foundational security requirements for source code management, secrets management, and our CI/CD processes to ensure they are secure by design.
Support Compliance Initiatives: Partner with our GRC function to implement necessary application security controls and gather evidence to support our SOC 2 and PCI compliance audits.
Requirements
Proven experience as an Application Security Engineer, Product Security Engineer, or in a similar role.
Hands-on experience building, securing, and operating CI/CD pipelines, preferably with GitHub Actions.
Strong proficiency with security scanning tools (e.g., SAST, DAST, SCA, secret scanning).
Proficiency in a scripting or programming language, with a strong preference for Python to align with our primary tech stack.
Deep understanding of web application vulnerabilities, secure architecture principles, and the OWASP Top 10.
Experience working with cloud-native technologies and environments (GCP, Kubernetes/GKE, Docker).
Experience in a regulated industry (Fintech, Healthcare, etc.) and familiarity with compliance frameworks like SOC 2 and PCI DSS.
Experience with Infrastructure-as-Code tools like Terraform and related security scanners (e.g., Checkov).
Familiarity with vulnerability management platforms like DefectDojo.
Equivalent competencies in any of the above will also be considered.