This is a remote position.
Location
100% Remote - Open to candidates in LATAM region
Employment Type
Contractor
About Our Client
A leading cloud-native SaaS company in the Human Capital Management (HCM) space, serving a global customer base across North America, EMEA, and Asia Pacific. Their award-winning platform enables organizations worldwide to manage their workforce with efficiency, compliance, and confidence. With a strong mission of making work life better, this company is committed to its employees, customers, partners, and communities globally.
About the Opportunity
We are looking for a Principal Application Security Engineer to join their Product Security team. In this role you will be a key driver of security across the engineering organization - leading security reviews, shaping architecture decisions, owning high-impact initiatives, and enabling engineering teams to build with security by design. This is a senior, hands-on individual contributor role with significant influence over the company's overall security posture.
What You Will Do
Product Security Reviews: Lead and scale product security reviews across multiple engineering teams and services, including code reviews, threat modeling, and dynamic/static analysis. Establish patterns and reusable approaches to improve consistency and coverage.
Architecture & Design: Serve as a security thought partner for product architects and engineers. Guide threat modeling efforts, assess technical risk, and champion security best practices throughout the SDLC.
Strategic Initiatives: Own high-impact security projects that shape the future of the client's product security posture - including supply chain security automation, advanced SAST/DAST integrations, and secure development training programs.
Vulnerability Remediation: Leverage available tools to investigate security issues, assess root causes, and design effective remediation strategies. Partner closely with engineering teams to ensure fixes align with security best practices.
Engineering Enablement: Build frameworks, guidance, and tooling that empower engineering teams to independently build secure systems. Act as a mentor and subject matter expert across teams.
What You Bring
Hands-on experience in application or product security with a strong foundation in software engineering and secure system design.
Technical depth in at least one modern programming language (C#, Java, or Python).
Familiarity with secure CI/CD practices and software supply chain security.
Cloud security expertise in Azure and/or AWS, including IAM, containerization, networking, and native security controls.
Experience defining or scaling application security programs in a cloud-native environment.
Ability to analyze complex distributed and microservices-based systems.
Excellent communication skills, able to articulate risk and trade-offs to both technical and non-technical audiences.
Experience with SAST/DAST tools, Atlassian suite, and pentesting tools such as Burp Suite and sqlmap.
Ability to perform black-box and grey-box testing of web applications and APIs.
Nice to Have
Prior experience in a SaaS or cloud-native company.
Contributions to open-source security tools or research.
Certifications: CISSP, CEH, or OSCP.