About VeriTran

We created a Low Code platform that lets our customers build their business apps without having to write a single line of code. With our platform, the complete development cycle, for both Web and Native apps, is carried out visually and intuitively, achieving outstanding user experiences with the best Time to Market.

Our technology is used by more than 50 banks and other entities, benefiting more than 14 million users who execute more than 10 billion transactions annually, securely and with high performance.

We are a global company with offices in Argentina, Chile, Colombia, the United States, Mexico and Peru, and we are expanding and taking on new challenges. After thirteen years of success in the banking industry, we broadened our offering by extending our platform and opening it up in a Cloud model. We also developed a Marketplace that connects our partners and customers, allowing them to multiply the value of the platform through extensions that accelerate innovation.

Our engineering culture

At VeriTran we are strongly committed to continuously improving both our capacity for innovation and delivery and the quality of our products and services. We recognize that we have come a long way thanks to the commitments we have made at the technical level, and we want to surround ourselves with people who empower us to go much further still.

We work hard to grow a culture of technical excellence and agility and to ensure the highest quality in our products and services. To that end, we know it is important to focus on process automation, metrics generation, monitoring, preventive actions and continuous training. That is why we look for people who are enthusiastic about working this way and eager to do more. We value attitude, autonomy and the ability to learn and improve above all else. We also value a passion for teamwork, innovation and an interest in the business.

What are we looking for?

This position is a senior individual contributor role in our Application Security team.

The position requires good understanding of architecture, design and coding in multiple languages.

As an experienced Application Security Engineer, you are responsible for conducting security reviews on all of VeriTran’s products. This ranges from code reviews, vulnerability analyses, penetration tests, and architectural reviews on new features and existing code, to providing security education and guidance for the entire organization.

This position is not for someone who operates solely on scanner-based vulnerabilities. You will be required to demonstrate a strong technical understanding of both mobile and web applications, backend services, penetration techniques and methodologies. Furthermore, you should have the desire to automate tasks by building tools to help discover vulnerabilities and be comfortable explaining and communicating vulnerabilities to developers, management and leadership by creating thorough documentation of findings.

Because of the nature of VeriTran’s product, nearly every component we develop needs to interact with sensitive financial and personal data, making the Application Security team an extremely dynamic environment to join.

The most important quality we are looking for is someone who has an “evil bit” - an innate ability to think and operate like an attacker while solving complex problems with expertise and creativity.

Do you thrive on finding security risks in designs? Do you find yourself wondering how attackers could exploit a complex architecture? Do you find new technologies exciting and the puzzle of their security strengths and weaknesses irresistible to solve? Come join us!

What will you do?

  • Think like an attacker and solve complex problems with expertise and ingenuity.
  • Work closely with Product teams on software design for both existing and new features, or for major changes.
  • Work closely with cross functional teams to complete projects and major initiatives using judgment and growing experience. Collaborate with Cloud, IT, Product, and Project teams to understand the solution architecture and then fully articulate the security design of the platform.
  • Perform code reviews, audits, vulnerability analyses, penetration tests, and architectural reviews on new features and on the platform as a whole, and provide recommendations on best practices related to application security.
  • Drive threat modeling and security code walkthrough efforts.
  • Develop, implement, and communicate vulnerability mitigation strategies to Product teams.
  • Help define overall application security strategies and procedures.
  • Help define operational processes to ensure predictable software development outcomes; refine Information Security processes and procedures.
  • Research the latest security best practices, trends, threats and vulnerabilities, and technology frameworks.
  • Research new technologies and their security best practices for Product teams.
  • Develop, recommend, evaluate, integrate, deploy, and maintain security tools, including static and dynamic analyzers and security frameworks.
  • Evaluate software security products and technologies, as required.
  • Participate in the implementation of the ISMS controls based on the ISO 27000 series standards.
  • Support suitable Information Security awareness, advice, training and educational activities.
  • Document and disseminate security guidelines for common security issues, remediation guidance, and security baselines.
  • Be a security Subject Matter Expert (SME) and respond to internal security engineering questions and requests.
  • Work solo and collaboratively to deliver projects on a deadline.
  • Give security presentations and represent VeriTran in private or public venues.

Who are you?

  • 3 or more years of provable experience as an Application Security Engineer or in similar positions.
  • A degree in Computer Sciences, Computer Engineering or related fields.
  • Background in the software development industry.
  • Strong understanding of application security patterns including web application security (OWASP top 10, XSS, injection vulnerabilities, CSRF, platform security hardening), and mobile security (device fingerprinting, mobile authentication and key exchange) strategies. Strong knowledge of industry trends in security technology.
  • Strong understanding of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
  • Strong knowledge in mobile and web application code reviews (Android, Objective-C, Java, C, C++, C#, Python, etc.), audits, vulnerability analyses, penetration tests, and architectural reviews.
  • Ability to deep dive into data and analyze for security and fraud anomalies.
  • Ability to determine risk based on context.
  • Expertise in mobile and web application development.
  • Expertise attacking network protocols and analyzing network traffic.
  • Expertise reverse engineering Android, iOS and Linux Binaries.
  • Expertise securing infrastructure in public cloud (e.g. AWS, Azure, Google Cloud).
  • Expertise in using SAST, DAST, SCA and fuzz testing tools.
  • Expertise automating vulnerability discovery and repetitive tasks.
  • Expertise building automation tools for security processes for both mobile and web applications.
  • Expertise in developing and implementing one or more of the following: Identity and Access Management, SSO, SAML, OpenID Connect, OAuth2 or MFA technologies.
  • Proficiency in both spoken and written English.
  • Self-management skills.
  • Excellent communication and interpersonal skills.
  • Be willing to go beyond the standard routine.
  • Ability to thrive in a high-pressured environment and crisis situations.
  • Ability to adjust quickly to the security needs of a highly agile organization.
  • Ability to multi-task multiple projects at once and drive for results independently.
  • Ability to correctly balance security risk and product advancement.
  • Methodical and diligent with outstanding planning abilities.
  • Excellent knowledge of reporting procedures and record keeping.

We consider it a plus if you have experience with the following:

  • Participation in bug bounty programs and security research.
  • Proficiency with one or more of the following tools: Micro Focus Fortify and Qualys Vulnerability Scanner.
  • Related certifications, such as but not limited to: OSCP, OSCE, CEH, CISSP.
  • Knowledge in related standards, such as but not limited to: ISO 27002, ISO 27017 and ISO 27018, PCI DSS, EU GDPR, SOC 1, 2 & 3.
  • Knowledge of the financial industry’s standards and regulations.
  • Background in the financial industry.

What we offer you

  • Being part of a company that grows exponentially year after year, generating a great many opportunities in a global and challenging context.
  • An excellent work climate and a well-kept environment with everything you need to work as comfortably as possible.
  • A flat organizational structure, with open communication, where we advocate freedom, responsibility, solidarity and humility as our core values.

We are growing and we want to bring the best on board.

If this sounds good to you, we want to meet you!