Donorbox - Application Security Engineer
Requirements
• Experience with Cloudflare at scale (WAF, Workers, rate limiting, bot management)
• Experience with AWS security tooling (e.g., GuardDuty, IAM analysis, CloudTrail)
• Familiarity with dependency and supply chain security practices
• Familiarity with bug bounty platforms (e.g., Intigriti, HackerOne)
• Experience with vendor-approved security scanners and integrating them into workflows (e.g., SAST, DAST, dependency scanning)
• Familiarity with compliance automation tools (e.g., Vanta, Drata)
• Compliance Literacy: Knowledge of PCI DSS or SOC 2 frameworks. You understand how to translate technical security controls into audit-ready evidence.
Details
• Fully remote, based in Mexico or Brazil
• Salary depending on experience and location
Responsibilities
• Edge Governance & Traffic Analysis: Own the Cloudflare stack. Monitor traffic patterns to identify threats (DDoS, credential stuffing, scraping) and implement real-time countermeasures. You know how to mitigate a threat without shutting down a "big customer."
• Cloudflare Mastery: You don't just click toggles; you write Cloudflare Workers and custom WAF expressions to intercept sophisticated L7 attacks before they hit our origin.
• Vulnerability Ecosystem (Intigriti): Lead our third-party researcher program. Triage and validate reports, ensuring we reward the first reporter and immediately implement "kills" at the source (e.g., via Cloudflare rules) to stop the noise. You are the bridge between external researchers and our internal dev teams. You move fast to validate, reward, and, most importantly, virtual-patch vulnerabilities at the edge while the permanent fix is escalated to the dev team.
• Offensive Strategy & Internal Pen-tests: Proactively identify weaknesses across our systems. Design and execute targeted internal penetration tests. Focus on real-world attack paths. You will identify and escalate flawed business logic. Not checkbox testing. Partner with engineering teams to ensure fixes are implemented effectively. You see the gaps in how the product is designed and advocate for systemic fixes.
• Application & Dependency Security: Monitor and respond to vulnerabilities in application dependencies and frameworks (e.g., reviewing alerts from tools like Dependabot and validating real impact). Evaluate the real-world impact of supply chain risks (not all CVEs are equal). Work with engineering teams to prioritize and remediate issues effectively. Improve processes around dependency management and secure development practices.
• Incident Response & Global Collaboration: Communicate clearly and effectively under pressure. Coordinate across time zones with SRE, Support, and Product teams. In a crisis, you act decisively but keep the right stakeholders informed. Investigate and respond to cloud-native security signals (e.g., AWS GuardDuty, unusual IAM or network activity).
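As an added example of the edge virtual patch the responsibilities above describe (this is illustrative code, not Donorbox's own Worker), here is a Cloudflare Worker that sits in front of the origin and closes off one hypothetical researcher report while the permanent fix is in the dev queue: a path-traversal finding against an assumed `/api/export?file=...` endpoint. The endpoint, the parameter, the allowlist pattern and the patch name are assumptions for illustration. The decision is kept in a pure function so it can be tested outside the Workers runtime, and the rule is scoped to the one endpoint so legitimate traffic elsewhere is untouched.

```javascript
// Added example: edge virtual patch as a Cloudflare Worker.
// The endpoint /api/export and its `file` parameter are hypothetical stand-ins
// for a validated bug bounty report that is being fixed at the source.

// Allowlist for the `file` value: a plain name with a .csv or .pdf extension.
// An allowlist is a stronger virtual patch than a denylist of traversal
// sequences because it does not need to anticipate every encoding trick.
const SAFE_FILE = /^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\.(csv|pdf)$/;

// Pure decision function: returns null to let the request through to the
// origin, or { status, reason } describing why it should be blocked.
function classifyRequest({ pathname, search }) {
  if (pathname !== "/api/export") return null;      // rule is scoped to the reported endpoint
  const params = new URLSearchParams(search);
  const raw = params.get("file");
  if (raw === null) return null;                    // parameter absent: origin's normal handling applies

  // URLSearchParams already percent-decoded once; decode again so a
  // double-encoded payload (%252e%252e) is judged in its final form.
  let file;
  try {
    file = decodeURIComponent(raw);
  } catch (_) {
    // Malformed percent-encoding is not something a real client sends.
    return { status: 400, reason: "malformed-encoding" };
  }
  if (!SAFE_FILE.test(file)) {
    return { status: 403, reason: "file-not-allowlisted" };
  }
  return null;
}

// Worker entry point. Blocked requests never reach the origin; the reason is
// logged (visible with `wrangler tail`) so the triage owner can watch the
// patch fire, but is not revealed to the client.
const worker = {
  async fetch(request) {
    const url = new URL(request.url);
    const verdict = classifyRequest({ pathname: url.pathname, search: url.search });
    if (verdict) {
      console.log(JSON.stringify({
        patch: "export-file-allowlist",             // hypothetical patch name
        ...verdict,
        ip: request.headers.get("CF-Connecting-IP"),
      }));
      return new Response("Forbidden", { status: verdict.status });
    }
    return fetch(request);                            // pass through to the origin unchanged
  },
};

// Service-worker style registration (a no-op outside the Workers runtime).
// With the ES module format, replace this with `export default worker;`.
if (typeof addEventListener === "function") {
  addEventListener("fetch", (event) => event.respondWith(worker.fetch(event.request)));
}
```

The block remains in place until the origin fix ships; then it is removed rather than left to rot, since a stale edge rule is a silent source of false positives and masks whether the real fix actually landed.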
Benefits
• Fully remote work from the comfort of your home
• Eligibility for employee equity plan (stock options)
• Reimbursement package for home office expenses and professional development, up to $1.5k
• Generous time off policy of 21 days (birthday included 🎉), 8 holidays of your choice, and 2 paid volunteer days
• Wellness program with fitness and mindfulness classes
• Love your work and our mission of serving nonprofits!
The Application Process
We have 6 stages:
• Prescreen Call with the Talent Team
• Interview with Hiring Manager
• Panel/Final Interview
• Background & Reference Checks
If this sounds like the right role for you, please apply today and let us know why. We look forward to hearing from you!