Application Security Engineer
Remote · Mexico or Brazil
Job Summary
Application Security Engineer role focused on end-to-end security for a globally distributed PaaS platform. Responsibilities include owning the Cloudflare stack, monitoring and mitigating edge threats (DDoS, credential stuffing, scraping) without impacting large customers, writing Cloudflare Workers and custom WAF rules, leading the vulnerability disclosure program via Intigriti, performing internal penetration tests, prioritizing and remediating vulnerabilities in dependencies and supply chain, and coordinating incident response across time zones with SRE, Support, and Product teams. Candidates should bring hands-on experience with Cloudflare at scale, AWS security tooling, dependency and supply chain security practices, bug bounty programs, security scanners, and compliance frameworks, and be able to communicate effectively under pressure across global teams.
Required Qualifications
- Experience with Cloudflare at scale (WAF, Workers, rate limiting, bot management)
- Experience with AWS security tooling (GuardDuty, IAM analysis, CloudTrail)
- Familiarity with dependency and supply chain security practices
- Familiarity with bug bounty platforms (Intigriti, HackerOne)
- Experience with vendor-approved security scanners and integrating them into workflows (SAST, DAST, dependency scanning)
- Familiarity with compliance automation tools (Vanta, Drata)
- Compliance Literacy: Knowledge of PCI DSS or SOC II frameworks (translate security controls into audit-ready evidence)
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.