Sr Security Engineer Remote across LATAM ID #00340

We are seeking a hands-on Security Engineer to join our team supporting a high-impact SaaS platform that handles sensitive data across large-scale environments. This role sits at the intersection of application security and cloud infrastructure security, working closely with engineering teams to identify, prioritize, and remediate real security risks.

This is an execution-focused role where success depends on the ability to cut through noise, focus on impactful vulnerabilities, and drive remediation across teams. Over time, the role evolves into building and leading proactive threat hunting capabilities.

Key Responsibilities

Vulnerability Management & Remediation (Initial Focus):
Triage and prioritize large volumes of vulnerabilities from SAST/DAST tools
Build and apply a risk-based prioritization model to identify critical issues
Partner with engineering teams to ensure remediation work is delivered
Own the lifecycle of security findings—from discovery through validation of fixes
Define and enforce remediation SLAs based on severity
Identify gaps in current security tooling and recommend improvements
Threat Hunting & Security Maturity (Ongoing):
Design and implement a proactive threat hunting program
Conduct hypothesis-driven investigations based on threat modeling insights
Develop detection mechanisms and improve signal-to-noise ratio
Collaborate with engineering teams on incident response and mitigation strategies

Basic Qualifications:

Upper-intermediate to advanced English (B2–C1), with strong written and verbal communication skills.
Self-motivated, quick learner, and adaptable to new technologies and legacy systems.
Thrives in a team environment, actively contributes to collaboration, and fosters a sense of community.
Excellent problem-solving and analytical skills, with a keen eye for detail and a proactive approach to issue resolution.
Requirements
Senior experience in Security Engineering, covering both application and infrastructure security
Hands-on experience with SAST and DAST tools, including tuning and managing false positives
Strong understanding of OWASP Top 10 vulnerabilities and modern API security risks
Working knowledge of Node.js, JavaScript, and/or Go (ability to read and understand code)
Experience triaging large volumes of vulnerabilities and identifying true risk exposure
Proven ability to collaborate with engineering teams and drive remediation efforts
Strong judgment in risk prioritization and technical decision-making

Nice to have:

Experience building or running a threat hunting program
Background in regulated environments (healthcare, fintech, or similar)
Experience evaluating or implementing vulnerability scanning tools
Cloud security expertise (AWS and/or GCP)
Detection engineering experience (SIEMs, rule creation, playbooks)

Location LATAM