Application Security Engineer

Syffer is an all-inclusive consulting company focused on talent, tech and innovation. We exist to elevate companies and humans all around the world, making change, from the inside to the outside.

We believe that technology + human kindness positively impacts every community around the world. Our approach is simple, we see a world without borders, and believe in equal opportunities. We are guided by our core principles of spreading positivity, good energy and promote equality and care for others.

Our hiring process is unique! People are selected by their value, education, talent and personality. We dont present ethnicity, religion, national origin, age, gender, sexual orientation or identity.

Its time to burst the bubble, and we will do it together!

What You'll do:

- Execute Application Security activities across the Secure SDLC, ensuring the integration of security best practices from design through to production

-Analyze, track, and support the remediation of vulnerabilities identified through SAST, DAST, SCA, and penetration testing

-Perform secure code reviews and threat modeling for applications (APIs, microservices, and cloud-native architectures)

-Validate security controls and ensure their proper implementation across development and production environments

- Collaborate with development, DevOps, and security teams to integrate security controls into CI/CD pipelines

- Support the implementation of secure development practices in regulated financial environments

- Track vulnerabilities throughout their lifecycle, ensuring proper resolution and management (e.g., via JIRA)

- Support security audits and regulatory compliance requirements

Who You Are:

- Experience in Application Security, DevSecOps, or Cybersecurity

- Strong knowledge of application vulnerabilities (OWASP Top 10 and API Top 10) and Secure SDLC

- Hands-on experience with security tools: SAST, DAST, SCA, and analysis of penetration testing results

- Knowledge of cloud security (AWS and/or Azure) and modern architectures (APIs, microservices)

- Experience with tracking and vulnerability management tools (e.g., JIRA)

- Experience with threat modeling, secure code review, and/or OWASP ASVS is a plus

- Experience with security testing automation and/or working in financial or highly regulated environments is valued

- Strong analytical skills, attention to detail, and ability to work independently

- Effective communication skills and ability to collaborate with technical teams

- Comfortable working in dynamic and highly regulated environments

- Proactive, well-organized, and able to manage priorities effectively

What you'll get:

- Wage according to candidate's professional experience;

- Remote Work whenever possible;

- Delivery of work equipment adjusted to the performance of functions;

- Benefits plan;

- And others.

Work together with expert teams on projects of large magnitude and intensity, long term together with our clients, all leaders in their industries.

Are you ready to step into a diverse and inclusive world with us?

Together we will promote uniquess!