Senior Application Security Engineer

Posted:
8/26/2024, 8:36:08 AM

Location(s):
São Paulo, Brazil ⋅ Rio Grande do Sul, Brazil

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Software Engineering

Workplace Type:
Hybrid

Senior Application Security Engineer 

São Paulo/SP or Porto Alegre/POA, Brazil

Who We Are

WillowTree is an award-winning digital product agency driven by innovation and grounded in strategy and user-centered design. We create long-term partnerships with the world’s leading brands to build and design digital flagship products crucial to our clients’ business needs. We’re one of the largest independent digital firms in the US and some of our clients include HBO, National Geographic, Hilton, Anheuser-Busch, PepsiCo, and more! Check out what others are saying about us.

Location and Flexibility

This is a hybrid role. This model requires the ability to work in a hybrid mode from one of our offices in São Paulo (2 times/ week or 8 days/ month) or Porto Alegre (3 times/ week or 12 days/ month). Our WFN culture is designed to foster in-person innovation, collaboration, and connection with team members local and visiting from other global offices.

The Opportunity

WillowTree is hiring empathetic, curious engineers to join our growing team. We work in a fast-paced and energizing atmosphere, helping our clients’ ideas come to life by building robust mobile and web applications. Our Application Security technologies vary by project, so we value flexibility and willingness to learn. We aim to develop amazing solutions for our clients with best practices for security in mind.

You’re a good candidate if you...

  • Are driven by curiosity and enthusiastic about learning new technologies 
  • Are motivated by solving problems and finding creative solutions by taking the initiative
  • Have a degree in computer science, IT, systems engineering, and/or related qualification, experience, and/or certifications
  • Have proficiency in Python, Bash, and/or PowerShell
  • Possess the ability to work under pressure in a fast-paced environment
  • Pay strong attention to detail with an analytical mind and outstanding problem-solving skills
  • Have a great awareness of cybersecurity trends and hacking techniques
  • Are eager to participate in the change management process
  • Are comfortable balancing daily administrative tasks, reporting, and communication with the relevant departments in the organization
  • Have experience with Github Copilot and Actions

Qualifications

  • Have a degree in computer science, IT, systems engineering, and/or related qualification, experience, and/or certifications
  • 2-5+ years of professional experience in the application security domain
  • Understanding of OWASP Top 10 and OWASP Top 10 Mobile
  • Have in-depth experience with many of our core languages: Swift, Java, Kotlin, and/or various versions of JS
  • Have proficiency in Python, Bash, and/or PowerShell
  • Experience working within an application security team
  • Skilled with mobile-related technologies (such as Mobile operating systems, IoT, Cross-platform tools, Mobile networks, and Mobile communication protocols)
  • Proficient with web-related technologies (Web applications, Web Services, and Service Oriented Architectures), and network/web-related protocols
  • Detailed technical knowledge of techniques, standards, and state-of-the-art capabilities for authentication, authorization, applied cryptography, security vulnerabilities, and remediation
  • Advanced English Skills

Skills

  • Experience with technologies like Snyk, Acunetix, GitHub Actions, and Burpsuite
  • Experience implementing, testing, and operating advanced application security techniques within an agile environment
  • Experience with security testing (including troubleshooting/debugging) and code reviews
  • Staying apprised and implementing the latest secure coding practices
  • Experience providing or integrating automated tests and tools for the SDLC
  • Experience identifying and proposing solutions to complex web and mobile application risks
  • Understand the best practices in various domains of web and mobile application security such as authentication, access control, and data protection

Bonus Points

  • Experience with CI/CD environments
  • Experience working in numerous Cloud environments, preferably Azure/AWS/GCP
  • Can safely perform penetration tests against a wide range of environments
  • Have a deep interest and curiosity in all aspects of security research and development
  • You've worked with emerging technologies like Machine Learning (Ml) and artificial intelligence (AI)

Why Poatek/ WillowTree?

In addition to being part of an international and innovative consultancy company, you will have:
  • Flexible hours and autonomy
  • Work with cutting edge technologies
  • Partner with global and relevant brands in the market
  • Collaborative team and learning ecosystem
  • Career development plan & growth
  • International travel opportunities (optional)
Some of our benefits:
  • Health and dental plan
  • Life insurance
  • Monthly voucher for meals, culture, education, health and mobility
  • Child care assistance and more!

If you love IT as much as we do, we look forward to meeting you!

Equality is a principle here at Poatek. We are committed to building an inclusive team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Therefore we provide equal employment opportunities to all employees and applicants regardless of race, color, religion, gender identity, sexual orientation, national origin, age, or disability.

We will only use the information you provide to process your application and to produce tracking statistics. Since we do not request personal data deemed sensitive, we ask you to abstain from sharing that information with us.

For more information on how we use your information, see our Privacy Policy.

#LI-Hybrid

#WillowTree