Security Engineer - Cyber Security

Description

Job Summary: We are seeking a Security Engineer with both offensive and defensive mindsets to help build and maintain a robust security culture across the entire Trakto platform. Key Highlights: 1. Identify, assess, and mitigate vulnerabilities in applications and infrastructure. 2. Conduct security reviews of code and CI/CD processes. 3. Ensure compliance with security standards and regulations. **About Trakto:** **Hello, we are Trakto!** Latin America's first design platform. For over 10 years, we’ve helped individuals and businesses stand out using our professional templates, high-quality images, and content. **In partnership with Google, we created Trakto Studio**, a solution that revolutionizes scalable ad image generation. Create, edit, and manage brand content intuitively and easily. **About this role:** We’re looking for a Security Engineer with both offensive and defensive mindsets. You’ll help build and maintain a strong security culture across the platform. **Responsibilities and Duties** **Responsibilities:** * Identify, assess, and mitigate vulnerabilities in web applications, APIs, and cloud infrastructure * Conduct security code reviews (SAST/DAST) and review CI/CD processes * Implement and monitor intrusion detection tools, SIEM, and incident response systems * Perform penetration testing (pentest) on Trakto applications and environments * Ensure compliance with standards and regulations (LGPD, ISO 27001, SOC 2\) * Develop and disseminate security policies, processes, and best practices for engineering teams * Collaborate with product and infrastructure teams to apply Security-by-Design principles * Monitor emerging threats and proactively adapt security controls * Respond to customer due diligence inquiries. **Requirements and Qualifications** **Requirements:** * 3\+ years of experience in information security or security engineering * Solid knowledge of web application security (OWASP Top 10, injection, XSS, CSRF, authentication) * Experience with cloud environments (**GCP** \- **mandatory**, Azure or AWS are bonuses) * Familiarity with pentesting and vulnerability analysis tools (Burp Suite, Nmap, Metasploit, etc.) * Knowledge of cryptography, authentication (OAuth2, JWT, SSO), and API security * Ability to clearly communicate technical risks to non-technical audiences **Nice-to-Haves:** * Certifications such as OSCP, CEH, CISSP, or equivalents * Experience with bug bounty programs or red team/blue team activities * Knowledge of DevSecOps and integrating security into CI/CD pipelines * Experience in SaaS companies or platforms handling large volumes of user data * Intermediate or advanced English proficiency **Additional Information** ***Note:*** *This position does not have an immediate start date.* We offer: Remote work; Flash card with flexible benefits; Compensation to be discussed. **Hello, we are Trakto!** Latin America's first design platform. For over 10 years, we’ve helped individuals and businesses stand out using our professional templates, high-quality images, and content. Meet Bella, our AI assistant that helps create content via WhatsApp and other messaging apps — quickly and automatically, without opening our editor. We host the Trakto Show, the largest entrepreneurship event in Brazil’s Northeast region, delivering training and networking opportunities since 2016\. **In partnership with Google, we created Trakto Studio**, a solution that revolutionizes scalable ad image generation. Create, edit, and manage brand content intuitively and easily. Stand out with Trakto — join us as a \#Trakteiro! So take a look at our open positions and apply!