São Paulo, Brazil

As an Application Security Engineer will be contributing to improve the security within the SDLC by identifying and implementing appropriate security controls such as training the teams in secure development practices, implementing SAST flows and growing security testing capabilities. You’ll be the POC for AppSec for development and operations teams.

Key accountabilities:

Develop and implement security protocols for our applications and services.
Write and maintain security tooling and automations.
Conduct regular security assessments and recommend improvements.
Collaborate with the development team to ensure the application designs are secure.
Assist with security incidents and provide post-event reports and analysis.
Stay up-to-date with the latest security trends and countermeasures.

Minimum Qualifications:

Bachelor's degree in Computer Science, Information Technology or a related field and 3 years of experience, or 5+ years of experience in application security or product security related roles.
Strong knowledge of a programming language (Python, Javascript, Go, etc.).
Experience with writing and maintaining security tooling and automations.
Deep understanding of application and network security.
Deep understanding with Threat Modeling methodologies and processes
Ability to work independently and manage multiple tasks simultaneously.
Excellent problem-solving skills and attention to detail.

Preferred Qualifications:

AWS or GCP Architect certification (AWS Certified Solutions Architect, Professional Cloud Architect)
Familiarity with DevSecOps and agile methodologies.
Knowledge of cloud security best practices.
Security certification, such as OSCP, CSSLP, CASE, etc.
Experience in working with security frameworks like OWASP, SANS, NIST, or CIS.
Proficiency in secure coding practices and a familiarity with static code analysis tools.
Knowledge of encryption algorithms, secure communications, and data protection.
Hands-on experience with implementation of Application Security Architecture and Controls (Web-Application Firewalls, SAST, DAST, SCA, etc.) in hybrid environments.

#LI-MT1

#LI-Hybrid

About Media.Monks:

Media.Monks is the global, purely digital, unitary operating brand of S4Capital plc. Since 2021, Media.Monks has combined diverse solutions—media, data, social, platforms, studio, experience, brand and technology services—to serve as a consultative partner integrating systems and workflows that deliver unfettered content production, scaled experiences and data science fueled by AI and the industry’s very best talent and teams.

Media.Monks was named a Contender in The Forrester Wave™: Global Marketing Services. It has earned a constant presence on Adweek’s Fastest Growing lists (2019-23), ranks among Cannes Lions' Top 10 Creative Companies (2022-23), and earns continual inclusion in AdExchanger’s Programmatic Power Players (2020-23). It has also been named Adweek’s first AI Agency of the Year (2023). Business Intelligence has recognized Media.Monks in its 2024 Excellence in Artificial Intelligence Awards program in three categories: the Individual category, Organizational Winner in AI Strategic Planning, and AI Product for its service Monks.Flow. Media.Monks has earned the title of Webby Production Company of the Year (2021-23), won a record number of FWAs, and a spot on Newsweek’s Top 100 Global Most Loved Workplaces 2023.

Disclaimer:

Responsible for resourcing and implementing security controls for your teams processes and systems
Responsible that all your personnel apply information security in accordance with the established information security policy

Apply for this job

Disclaimer:

Responsible for resourcing and implementing security controls for your teams processes and systems

Responsible that all your personnel apply information security in accordance with the established information security policy