Staff Application Security Engineer - Yalo Inc.
Brasília, Federal District, Brazil

Listing Description

Yalo


Hi! This is Yalo! We are on a mission to bring conversational commerce to the world...


Remember how it used to be to interact with businesses that knew and understood you, that could recommend exactly what you needed, and that with a simple message could get you what you wanted??? Yep... neither do we. That is why at Yalo we are marrying the scale of digital commerce with the personalization and simplicity of conversations to help companies delight their users.


We know that traditional SaaS companies focus on first world problems... we don't! Having started in Latin America, our roots are in Emerging Markets and therefore we care about bringing amazing experiences to a population that traditionally has been underserved, such as the small shop owner in Brazil who is ordering online for the first time.


If you're looking for a place to make shit happen, learn fast, and impact emerging markets in a way that hasn't been done before, look no further. 💫


Come join us in our mission of improving billions of lives through the power of conversational commerce!


Security Team


As a Staff Application Security Engineer you will help build a culture of continuous improvement, raising awareness and understanding of important security practices and considerations throughout Yalo.  


What are the activities of a Staff Security Engineer?



  • Lead security design reviews in partnership with Yalo engineering, product design and research and development teams.

  • Perform secure code review of Yalo proprietary services, partner services and third-party application services, including review of newly released product features.

  • Develop and maintain a catalog of technical security requirements for Yalo's software development and release lifecycle (OWASP/API/Mobile Top 10, CWE/SANS Top 25).

  • Select and implement a framework for conducting web application security testing and validation such as OWASP (ASVS).

  • Design security tooling, such as SAST/DAST code scanning, for the continuous identification of system/software vulnerabilities and common misconfigurations.

  • Act as a security team delegate in routine product architecture reviews, responsible for defining the minimum level of security requirements and secure design principles needed to mitigate risk without compromising on customer experience.

  • Conduct security research to identify emerging threats and vulnerabilities.

  • Conduct routine training sessions to educate software engineering teams on how to identify and prevent commonly exploited weaknesses such as XSS, IDOR, RCE, CSRF.

  • Mentor junior team members by conducting AppSec knowledge sharing sessions.

  • Provide product and application security related coaching, mentoring, and training to elevate security expertise of development teams.


Experience you need to perform this role:



  • 8+ years of experience as an application security engineer or a mix of security engineering and software development.

  • Bachelor’s degree in Computer Science, Information Systems or related field or equivalent work experience. 

  • Deep expertise in using web application security scanning and penetration testing tools such as BurpSuite, Metasploit, Qualys, CANVAS, Code Pulse, Nettacker, ZAP, OWTF.

  • Strong knowledge of networking and internet protocols (TCP/IP, DNS, SMTP, HTTP, etc.).

  • Strong knowledge of web security protocols (SSL/TLS, REST, SAML, OAuth, OIDC, etc.).

  • Work experience, open-source code, or coursework in any of the following languages: Java, C#, Python/Django, Ruby/Ruby on Rails, JavaScript/TypeScript, Golang.

  • Any of the following certifications are desirable, but not required:
    Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP).

  • Deep understanding of Security in the Software Development Life Cycle.

  • Familiar with security frameworks and standards (SOC2, ISO27001, NIST CSF).


What soft skills matter to us?



  • Excellent time-management skills

  • Team player

  • Critical thinker and problem-solving skills

  • Sense of ownership and pride in your performance and its impact on the company’s success.

  • Interpersonal and communication skills.


What do we offer?


  • Unlimited PTO policy

  • Competitive rewards on the market range

  • Remote working (±3 hours CT)

  • Flexible time (driven by results)

  • Friday Off once a month

  • No Meetings Wednesday

  • Start-up environment

  • International teamwork

  • You and nothing else limit your career here.


We care,


We keep it simple,


We make it happen


 


 

