Senior Application Security Engineer

Information Security Recife, Brazil

About Liferay 

Liferay is a uniquely profitable open source software company with 850+ fiery-eyed employees scattered across the known world. Our flagship product is Liferay Digital Experience Platform which companies like HP, Barclays, and Coach use to build great web experiences for their customers and employees. Along with making cool software, we have a greater-than-profit vision that fuels us. We give employees 5 days paid off to volunteer at charities they’re excited about and we donate a portion of our profits to various charities around the world each year. Oh, we’re also self-funded which gives us the freedom to work on whatever we think brings the most value to customers and communities in the long run. 

Key Responsibilities

  • Conduct application security code reviews of Liferay applications (esp. Liferay’s SAAS, PAAS offerings), identify design flaws and vulnerabilities, help Engineering team to address the findings
  • Lead security reviews and threat modelling of new features, architecture changes and security tests
  • Identify security gaps in the software development lifecycle and enforce use of security practices through automation
  • Perform security assessments of the application
  • Organize and manage security vulnerabilities from identification to resolution (security vulnerability management)
  • Cooperate with various product teams to secure the build and release pipeline
  • Work with Information Security team on improving Application Security program through policies and procedures
  • Improve product protections based on new threats and vulnerabilities
  • Support team members with the best security practices, tools and procedures, documentation, raise security awareness and help with security trainings

Required Qualifications

  • Bachelor's degree in computer science or equivalent
  • Security experience
  • Strong understanding and experience with security libraries, security controls implementation and security vulnerabilities
  • General security experience and knowledge of internet protocols, networking and application level attacks
  • Solid experience with software development
  • Experience with JavaScript in both backend and frontend
  • Experience with REST APIs, GraphQL or both
  • Experience in Agile software development
  • Excellent communication skills
  • Ability to identify repeatable processes and automate them quickly

Preferred Qualifications

  • Professional experience with NodeJS
  • Professional experience with React
  • Professional experience with Java
  • Professional experience with Kubernetes
  • Professional experience with cloud environment like GCP, Azure or AWS
  • Experience leading small teams (2 to 4 devs)
  • Knowledge of OWASP Application Security Verification Standard and OWASP SAMM
  • Experience with bug hunting or penetration testing

Awesome, but what does Liferay offer to me?

  • Salary package w/ competitive benefits according to qualifications and experience
  • Opportunities to take responsibility and grow professionally
  • A positive and collaborative work culture
  • Flexible schedule
  • Work in a fast-growing, successful company with incredible mission and values


Equal Opportunities Employer - Statement

Liferay is committed to the equal treatment of all candidates, customers and employees and to fostering a culture of dignity at work. Our operating procedure provides for equal opportunities in recruitment and employment with the aim to eliminate discrimination against any job applicant or employee on the basis of race, age, sexual orientation, gender or gender reassignment, religion or beliefs, marital or civil partnerships status, family or dependency status, disability, pregnancy and maternity or membership of a traveling community.