SR Application Security Engineer - Argentina, Brazil, Uruguay & Spain

Why should you join dLocal?dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets.By joining us you will be a part of an amazing global team that makes it all happen, in a flexible, remote-first dynamic culture with travel, health and learning benefits, among others. Being a part of dLocal means working with 1000+ teammates from 30+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.What will I be doing?Implement a software assurance model designed to address security defects early in the delivery pipelinePerform security design reviews for new features and product releasesPerform code reviews and advise developers on remediation techniquesDesign controls to detect and respond to common attacks on our platformTech talks in high technical level to engineersTriage and respond to external inquiries around security vulnerabilitiesFacilitate internal training on various security topics to raise awareness and interestWhat skills will I need to have?Strong proficiency in at least one programming language like Java, goLang, Python and/or NodeJS/TypeScript and also knowledge in any scripting languages5+ years of hands-on experience working with developers in building a software assurance modelDemonstrate the ability to manually fix/mitigate security flaws on web applications and APIs code-levelExperience designing secure web services, APIs and microservice architecturesFamiliarity with threat modeling frameworks in cloud-base environments (OWASP, STRIDE, MITRE, etc)Familiarity with OWASP verification guidelines (ASVS), OWASP Top 10s (web, API, LLM) and NIST special publicationsExperience with application/development security tools, including but not limited to: Burp Suite, Qualys/WAS (Tenable or similar), Apiiro (Wiz, GHAS, or similar), Github (Gitlab, Bitbucket or similar), ECS/EKS, Github Actions, etcFamiliarity with the implementation and maintenance of SAST/DAST/IAST/SCA security sensors in a development pipelineIn-depth knowledge of OWASP10, SANS25 and other world-known application security frameworksUnderstanding of a complete SDLC and how to make it secured (S-SDLC)Familiarity with Cloud platforms (AWS preferably)Ability to lead people to problem resolution when it comes to Security (Integrate teams, especially the Engineering Team)Experience on how to secure LLMs and generative AI applicationsWill be considered a plus:Certified in any related security development certifications like CSSLP, CASE or othersExposure to PCI-DSS, ISO27001 and/or SOC2 framework or any other relevant security standard will be valuedExtensive knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scaleHave had developed a personal or enterprise software/script with focus on security (exploitation of vulnerabilities, hardening automation, API integration for securityWhat do we offer? Besides the tailored benefits we have for each country, dLocal will help you thrive and go that extra mile by offering you: Remote work: work from anywhere or one of our offices around the globe!* Flexibility: we have flexible schedules and we are driven by performance Fintech industry: work in a dynamic and ever-evolving environment, with plenty to build and boost your creativity Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded Learning & development: get access to a Premium Coursera subscription Language classes: we provide free English, Spanish, or Portuguese classes Social budget: you'll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections! dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We’ve got your back!For people based in Montevideo (Uruguay) applying to non-IT roles, 55% monthly attendance to the office is requiredWhat happens after you apply?Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process!Also, you can check out our webpage, Linkedin, Instagram, and Youtube for more about dLocal!We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.