Application Security Engineer

TL;DR

Application Security Engineer (Cloudflare/AWS): Own edge governance, traffic analysis, vulnerability triage via bug bounty programs, internal penetration tests, application dependency security, and incident response with an accent on real-time threat mitigation and collaboration across teams. Focus on designing countermeasures for sophisticated attacks, validating researcher reports, and prioritizing fixes based on real-world impact.

Fully remote based in Mexico or Brazil

Company

SaaS platform serving nonprofits with donation and fundraising tools.

What you will do

• Own Cloudflare stack for traffic monitoring, DDoS mitigation, credential stuffing prevention, and custom WAF rules with Workers.
• Lead Intigriti bug bounty program: triage reports, reward researchers, implement edge kills, and bridge to dev teams.
• Conduct proactive internal penetration tests focusing on real-world attack paths and business logic flaws.
• Monitor and remediate application dependencies and supply chain risks using tools like Dependabot.
• Handle incident response, coordinating with SRE, Support, and Product across time zones using AWS security tools.
• Improve secure development practices and ensure compliance with PCI DSS and SOC II.

Requirements

• Experience with Cloudflare at scale (WAF, Workers, rate limiting, bot management)
• AWS security tooling (GuardDuty, IAM analysis, CloudTrail)
• Dependency and supply chain security practices
• Bug bounty platforms (Intigriti, HackerOne)
• Vendor-approved security scanners (SAST, DAST, dependency scanning) integrated into workflows
• Compliance automation tools (Vanta, Drata) and PCI DSS/SOC II knowledge

Culture & Benefits

• Fully remote work from home
• Employee equity plan (stock options)
• Reimbursement for home office and professional development up to $1.5k
• 21 days time off (birthday included), 8 holidays of your choice, 2 paid volunteer days
• Wellness program with fitness and mindfulness classes