Senior Application Security Engineer

São Paulo/SP or Porto Alegre/POA, Brazil

Who We Are

WillowTree is an award-winning digital product agency driven by innovation and grounded in strategy and user-centered design. We create long-term partnerships with the world’s leading brands to build and design digital flagship products crucial to our clients’ business needs. We’re one of the largest independent digital firms in the US and some of our clients include HBO, National Geographic, Hilton, Anheuser-Busch, PepsiCo, and more! Check out what others are saying about us.

Location and Flexibility

This is a hybrid role. This model requires the ability to work in a hybrid mode from one of our offices in São Paulo (2 times/ week or 8 days/ month) or Porto Alegre (3 times/ week or 12 days/ month). Our WFN culture is designed to foster in-person innovation, collaboration, and connection with team members local and visiting from other global offices.

The Opportunity

WillowTree is hiring empathetic, curious engineers to join our growing team. We work in a fast-paced and energizing atmosphere, helping our clients’ ideas come to life by building robust mobile and web applications. Our Application Security technologies vary by project, so we value flexibility and willingness to learn. We aim to develop amazing solutions for our clients with best practices for security in mind.

You’re a good candidate if you...

Are driven by curiosity and enthusiastic about learning new technologies
Are motivated by solving problems and finding creative solutions by taking the initiative
Have a degree in computer science, IT, systems engineering, and/or related qualification, experience, and/or certifications
Have proficiency in Python, Bash, and/or PowerShell
Possess the ability to work under pressure in a fast-paced environment
Pay strong attention to detail with an analytical mind and outstanding problem-solving skills
Have a great awareness of cybersecurity trends and hacking techniques
Are eager to participate in the change management process
Are comfortable balancing daily administrative tasks, reporting, and communication with the relevant departments in the organization
Have experience with Github Copilot and Actions

Qualifications

Have a degree in computer science, IT, systems engineering, and/or related qualification, experience, and/or certifications
2-5+ years of professional experience in the application security domain
Understanding of OWASP Top 10 and OWASP Top 10 Mobile
Have in-depth experience with many of our core languages: Swift, Java, Kotlin, and/or various versions of JS
Have proficiency in Python, Bash, and/or PowerShell
Experience working within an application security team
Skilled with mobile-related technologies (such as Mobile operating systems, IoT, Cross-platform tools, Mobile networks, and Mobile communication protocols)
Proficient with web-related technologies (Web applications, Web Services, and Service Oriented Architectures), and network/web-related protocols
Detailed technical knowledge of techniques, standards, and state-of-the-art capabilities for authentication, authorization, applied cryptography, security vulnerabilities, and remediation
Advanced English Skills

Skills

Experience with technologies like Snyk, Acunetix, GitHub Actions, and Burpsuite
Experience implementing, testing, and operating advanced application security techniques within an agile environment
Experience with security testing (including troubleshooting/debugging) and code reviews
Staying apprised and implementing the latest secure coding practices
Experience providing or integrating automated tests and tools for the SDLC
Experience identifying and proposing solutions to complex web and mobile application risks
Understand the best practices in various domains of web and mobile application security such as authentication, access control, and data protection

Bonus Points

Experience with CI/CD environments
Experience working in numerous Cloud environments, preferably Azure/AWS/GCP
Can safely perform penetration tests against a wide range of environments
Have a deep interest and curiosity in all aspects of security research and development
You've worked with emerging technologies like Machine Learning (Ml) and artificial intelligence (AI)

Why Poatek/ WillowTree?

In addition to being part of an international and innovative consultancy company, you will have:

Flexible hours and autonomy
Work with cutting edge technologies
Partner with global and relevant brands in the market
Collaborative team and learning ecosystem
Career development plan & growth
International travel opportunities (optional)

Some of our benefits:

Health and dental plan
Life insurance
Monthly voucher for meals, culture, education, health and mobility
Child care assistance and more!

If you love IT as much as we do, we look forward to meeting you!

Equality is a principle here at Poatek. We are committed to building an inclusive team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Therefore we provide equal employment opportunities to all employees and applicants regardless of race, color, religion, gender identity, sexual orientation, national origin, age, or disability.

We will only use the information you provide to process your application and to produce tracking statistics. Since we do not request personal data deemed sensitive, we ask you to abstain from sharing that information with us.

For more information on how we use your information, see our Privacy Policy.

#LI-Hybrid

#WillowTree

Apply for this Job

* Required

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

Cover Letter

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

LinkedIn URL (Please list N/A if you don't have one) *

How did you hear about us? *

Where did you hear about us? *

If you were referred by a Poatek team member, please provide their name.

Have you interviewed with Poatek before? *

Are you legally authorized to work in Brazil? *

Please select your English language proficiency. We ask that you submit your resume and any other application materials in English. *

Are you able to work onsite in a hybrid model from our offices (São Paulo OR Porto Alegre)? This position will not be approved to work remotely. *

Let us know your salary expectation. *

Enter the verification code sent to to confirm you are not a robot, then submit your application.

Security Code *

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.