Application Security Specialist

At RecargaPay, we’re on a mission to deliver the best payment experience for Brazilian consumers and small businesses — by building a powerful digital ecosystem where the banked and unbanked connect, and where consumers and merchants have a one-stop shop for all their financial needs.

We serve over 10 million users and process more than USD 4 billion annually. We’ve been profitable since 2022 and operate our own credit business. We are an AI-first, 100% remote team, scaling in the rapidly changing Brazilian financial market.

Our goal? Deliver the best payment experience in Brazil for people and small businesses alike.

We value autonomy, ownership, and a bias for action. We’re looking for people who are curious, hands‑on, and driven by impact — who want to solve real problems, work with strong teams, and rethink what’s possible.

We are looking for a qualified AppSec Specialist to implement secure development processes and analyze application security through methodologies. In addition, will guide the development team on vulnerability remediation, integration of security testing into the SDLC/DevOps cycle. Finally, you will seed the application security culture for the entire company.

• Responsible for the implementation of Secure Development and Application Security Analysis processes in large corporate clients, including: source code security review using SAST solution, validation of vulnerabilities found in source code, discussion of false positive cases, guidance to developers on vulnerability remediation, development and execution of training and support in application security operation with SAST solution;
• Work with development teams to ensure that security is integrated into the software development life cycle;
• Provide technical recommendations and remediation to teams;
• Accompany meetings with business and development areas, providing appropriate advice;
• Develop and apply security training and coding best practices;
• Promote the Application security culture to several areas of the company;
• Developing and maintaining documentation of application security controls;
• Perform regular security audits of applications and systems;
• Stay up-to-date on new security technologies and approaches;
• Drive initiatives which scale application security and holistically address multiple vulnerabilities.

• Experience in development using Java and Spring Boot;
• Experience identifying security issues through code review.
• Education in information technology or related field;
• Understanding of modern web application structure;
• Experience in codereview and applying SSDLC technique;
• Familiarity with web and mobile internet related technologies (web applications, mobile applications, API oriented architecture) and network related protocols;
• Feeling comfortable in Agile / DevOps environment;
• Familiarity with secure development practices
• Proficiency with security tools and technologies
• Strong development or scripting experience and skills. Python is a must.

• Competitive and market-aligned salary.
• Remote work — wherever you are, you’re part of the team!
• Home office allowance through a monthly deposit in the RecargaPay app.
• Health and dental plans with no co-pay.
• Life insurance.
• Flexible meal allowance (via Flash).
• TotalPass membership to take care of your health.
• Spanish classes.

At RecargaPay, you’ll have the freedom to be who you are because we believe that diverse perspectives and experiences make us more creative and stronger. Here, everyone is welcome to express themselves authentically. We value the richness of each journey and the multiple ways of seeing the world, without distinctions of gender, race, sexual orientation, age, religion, or any other characteristic that makes us unique.

By sharing your resume with us, you authorize the use of your data for analysis during the selection process and possibly for other opportunities within the RecargaPay group. You can request the update or deletion of your information at any time, in accordance with LGPD (General Data Protection Law).