Sr./Staff Security Engineer
This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Sr./Staff Security Engineer in Brazil.
In this high-impact role, you will be the first dedicated security engineering hire, shaping the foundation of product security across a fast-scaling AI risk decisioning platform. You will operate at the intersection of product, infrastructure, and AI/LLM security, defining how security is embedded into every layer of the system. This is a hands-on, strategic position where you will influence architecture, engineering practices, and company-wide security culture. You will work closely with product and engineering teams to design secure-by-default systems for fintech and enterprise customers. The environment is highly technical, fast-moving, and mission-driven, with strong ownership expectations. Your work will directly contribute to safer digital transactions and more resilient financial systems.
Accountabilities:
- Own end-to-end threat modeling across APIs, event ingestion systems, and AI-driven products, ensuring secure multi-tenant architecture and safe data handling.
- Design and implement authentication, authorization, and role-based access control systems across platforms, including scalable identity and access strategies.
- Build and lead the application security program from the ground up, including SAST, SCA, secret scanning, IaC scanning, and container security in cloud-native environments.
- Define and enforce security guardrails for LLM and agent-based systems, including prompt injection defenses, output validation, and abuse monitoring.
- Lead incident response processes, vulnerability management, and responsible disclosure workflows.
- Establish secure-by-default engineering practices, including documentation such as SECURITY.md and a centralized threat registry.
- Partner with IT and engineering teams on audits, access reviews, and security evidence collection.
Requirements:
- 5+ years of software engineering experience, with at least 3+ years focused on application or product security in fintech or data-intensive environments.
- Strong hands-on experience in Java and/or Python with the ability to review and secure production-grade code.
- Deep understanding of authentication and authorization standards such as SSO, SAML, OAuth 2.0, JWT, mTLS, and JOSE.
- Experience with multi-tenant architectures, PII handling, and data protection strategies.
- Solid knowledge of AWS security services such as IAM, KMS, Secrets Manager, and VPC, as well as Kubernetes environments.
- Experience collaborating with engineering teams to integrate security early in the development lifecycle.
- Strong communication skills and ability to influence technical decisions across teams.
Benefits:
- Competitive salary under a CLT employment model.
- Stock options in the company.
- Full coverage of medical and dental insurance for employees and dependents.
- Life insurance and long-term disability coverage fully covered.
- Monthly meal allowance via Caju Card.
- Remote-first and flexible working culture.
- Family-friendly environment with regular team events and offsites.
- Strong focus on learning, growth, and professional development.
- Opportunity to directly impact the security of global digital financial systems.
How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!
Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.