Sr./Staff Security Engineer
This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Sr./Staff Security Engineer in Brazil.
This is a foundational security engineering role where you will define and build the security posture of a fast-scaling AI-driven risk decisioning platform. You will be the first dedicated security hire, owning product security across APIs, infrastructure, and emerging LLM-based systems. The role combines hands-on engineering with strategic security architecture, shaping how authentication, authorization, and multi-tenant protections are designed from the ground up. You will play a key role in embedding security into the development lifecycle rather than applying it after the fact. The environment is highly technical, fast-moving, and deeply collaborative, working alongside experienced engineers building systems that process sensitive financial and behavioral data. This position offers high autonomy, strong ownership, and direct impact on the safety and trustworthiness of modern digital finance.
Accountabilities:
- Own threat modeling across core platform APIs, event ingestion systems, and AI/agent-based products, ensuring strong multi-tenant isolation and secure data handling.
- Design and implement authentication and authorization systems, including RBAC, SSO, OAuth2, JWT, and API security frameworks.
- Build and scale the application security program, including SAST, SCA, secret scanning, IaC scanning, and container security across cloud-native infrastructure.
- Develop and enforce secure-by-design patterns across engineering teams, integrating security early in the development lifecycle.
- Define and implement guardrails for LLM and AI systems, including prompt injection defenses, abuse monitoring, and output validation.
- Lead vulnerability management, security incident response, and responsible disclosure workflows.
- Establish and maintain security documentation, threat registries, and compliance-aligned evidence collection processes.
- Partner with IT and engineering teams on access reviews, audits, and cross-system incident response activities.
- Stay current with evolving security standards, including OWASP, MITRE ATT&CK, and emerging AI security practices.
Requirements:
- 5+ years of software engineering experience, including 3+ years focused on application or product security.
- Strong hands-on experience with secure code review in Java and/or Python.
- Deep knowledge of authentication and authorization systems (SSO, SAML, OAuth2, JWT, mTLS, JOSE) and multi-tenant architectures.
- Experience with cloud security in AWS (IAM, KMS, Secrets Manager, VPC) and containerized environments such as Kubernetes.
- Strong understanding of PII protection, tokenization, and secure data handling practices.
- Experience working in fintech or data-intensive SaaS environments is highly desirable.
- Ability to collaborate closely with engineering teams and influence secure design decisions.
- Strong analytical and problem-solving skills with a proactive, builder mindset.
- Nice to have: experience with SOC2/PCI/ISO27001 audits, SAST tuning (Semgrep/CodeQL), bug bounty programs, or security certifications (OSCP, CISSP).
Benefits:
- Competitive CLT compensation package.
- Stock options as part of long-term incentive alignment.
- Comprehensive healthcare and dental coverage for employees and dependents.
- Life insurance and disability coverage.
- Monthly meal allowance via Caju Card.
- Fully remote-first work culture.
- Strong focus on learning, development, and career growth.
- Inclusive, family-friendly environment with team events and offsites.
- Opportunity to directly improve the security of financial and AI-driven systems at scale.
How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!
Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.