Application Security Engineer

Responsibilities:

• Own the Cloudflare stack for edge governance, monitoring traffic to identify DDoS or credential stuffing threats and implementing mitigations without disrupting legitimate customers.
• Lead the third-party bug bounty program, acting as the bridge to triage reports, reward researchers, and apply virtual patches while permanent fixes are developed.
• Proactively identify weaknesses by designing and executing internal penetration tests, focusing on real-world attack paths and escalating flawed business logic.

Qualifications:

• Experience with Cloudflare at scale, including writing Workers and custom WAF expressions to intercept L7 attacks before they reach the origin.
• Familiarity with AWS security tooling like GuardDuty, dependency security practices, and bug bounty platforms such as Intigriti.
• Knowledge of compliance frameworks like PCI DSS and SOC II, with the ability to translate technical controls into audit-ready evidence.

Details:

• This is a fully remote position for candidates based in Mexico or Brazil, with a salary dependent on experience and location.
• The role offers benefits including an employee equity plan, reimbursement for home office and professional development up to $1.5k, and a generous time-off policy.