Quick Summary
KnowBe4 is the global leader in Human Risk Management, trusted by over 70,000 organizations worldwide to secure employees and AI agents for over 15 years. We are pioneering a new era of security, AI-powered since 2016, and market-leading since day one.
Our HRM+ combines continuous risk intelligence, advanced technical defenses, and personalized training to help organizations build strong security cultures. We help organizations understand, measure, and reduce human risk across their entire workforce, defending against deepfakes and emerging AI-powered threats.
We believe that protecting organizations from cyberthreats and creating a positive environmental impact go hand in hand. True resilience is collective, requiring us to protect our people, our data, and our planet.
Please submit your resume in English.
To learn more about our team and office culture in São Paulo, Brazil, visit the following links:
- Careers Page: https://www.knowbe4.com/careers/locations/sao-paulo
- Glassdoor: https://www.glassdoor.com/Location/KnowBe4-S%C3%A3o-Paulo-Location-EI_IE969384.0,7_IL[...]M_-C1lsxoZq7Cx8IriVE8MkrzuTmnJzqego77RAWZz9sqGt_55BflwYKpQeg
- LinkedIn: https://www.linkedin.com/company/knowbe4/life/brazil/
The Product Security Engineer ensures the safety of KnowBe4 applications and cloud environments. This role's primary responsibility is to protect the privacy, confidentiality, integrity, and availability of company and customer data by conducting security assessments, triaging security findings, and proactively assisting IT and engineering teams to develop secure applications and secure our cloud environments.
Responsibilities:
- Conduct regular security assessments and code reviews to identify vulnerabilities and ensure compliance with security standards.
- Develop and maintain threat models for products, understanding potential threats and devising mitigation strategies.
- Integrate security practices into the software development lifecycle (SDLC), ensuring security is considered at each development stage.
- Identify, assess, and coordinate vulnerability remediation within products, staying current with the latest security threats and trends.
- Implement and maintain security tools and automation systems to streamline product security processes.
- Participate in incident response activities, managing and mitigating product-related security incidents.
- Provide training and guidance to development teams on secure coding and product design best practices.
- Ensure products comply with relevant industry security standards and regulations.
- Work closely with engineering, product management, and other teams to ensure security is a key consideration in all aspects of product development and deployment.
- Stay abreast of the latest security research, technologies, and methods to continuously improve product security.
- Conduct risk analysis to understand the impact of potential security threats and develop risk management strategies.
- Develop and enforce security policies and procedures related to product development and maintenance.
Requirements:
- Bachelor's degree in information security, information systems, or similar experience preferred.
- Relevant field or experience in IT and infosec.
- Experience working in AWS and with Terraform.
- Strong understanding of information security, including broad exposure to cloud infrastructure, systems analysis, application development, vulnerability scanning, policies and procedures, and audits.
- Experience with cloud computing environments, including infrastructure as code, containers, and functions.
- Strong knowledge of CWE Top 25 and OWASP Top 10 vulnerabilities.
- Understanding of the MITRE ATT&CK matrix.
- Experience with code development and ability to read and understand source code in languages such as Ruby, PHP, Go, JS, and Python.
- Automated and manual web, mobile, and traditional application pentesting experience.
- Experience with scripting and building automations leveraging tools such as Python and Claude Code.
- Experience leveraging AI in security testing workflows and processes.
- Strong networking and security understanding.
- Understanding of modern web application development technologies such as MVC, JWT, and GraphQL.
- Experience with Burp Suite, SAST, DAST, container scanning, and dependency scanning tools.
- Security certifications such as OSWE, OSCP, CISSP, GPEN, CEH, CCSP, or AWS certification desired.
- Strong verbal and written communication skills.
- Excellent time management and organization skills.
- Excellent analytical skills.
- Strong problem-solving and root cause analysis abilities.
Our Fantastic Benefits
We offer company-wide bonuses based on monthly sales targets, employee referral bonuses, adoption assistance, tuition reimbursement, certification reimbursement, and certification completion bonuses – all within a modern, high-tech, and fun work environment. For more details about our benefits in each office location, please visit www.knowbe4.com/careers/benefits.
Note: An applicant assessment and background check may be part of your hiring procedure.
Individuals seeking employment at KnowBe4 are considered without prejudice to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any other characteristic protected under applicable federal, state, or local law. If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please visit www.knowbe4.com/careers/request-accommodation.
No recruitment agencies, please.


