Remote Product Security Engineer (Brazil)

KnowBe4 is the global leader in Human Risk Management (HRM), trusted by over 70,000 organizations worldwide for over 15 years to secure employees and AI agents. We are pioneering a new era of security, leveraging AI since 2016 to maintain our market-leading position. Our HRM+ platform integrates continuous risk intelligence, advanced technical defenses, and personalized training to cultivate strong security cultures. We empower organizations to understand, measure, and reduce human risk across their workforce, defending against deepfakes and emerging AI-powered threats. We believe in protecting organizations from cyberthreats while fostering a positive environmental impact, recognizing that true resilience safeguards our people, data, and planet.

Please submit your resume in English. To learn more about our team and office culture in São Paulo, Brazil, visit the following links:

• Careers Page: https://www.knowbe4.com/careers/locations/sao-paulo
• Glassdoor: https://www.glassdoor.com/Location/KnowBe4-S%C3%A3o-Paulo-Location-EI_IE969384.0,7_IL[...]M_-C1lsxoZq7Cx8IriVE8MkrzuTmnJzqego77RAWZz9sqGt_55BflwYKpQeg
• LinkedIn: https://www.linkedin.com/company/knowbe4/life/brazil/

The Product Security Engineer ensures the safety of KnowBe4 applications and cloud environments. This role's primary responsibility is to protect the privacy, confidentiality, integrity, and availability of company and customer data by conducting security assessments, triaging security findings, and proactively assisting IT and engineering teams in developing secure applications and cloud environments.

Responsibilities:

• Conduct regular security assessments and code reviews to identify vulnerabilities and ensure compliance with security standards.
• Develop and maintain threat models for products, understanding potential threats and devising mitigation strategies.
• Integrate security practices into the software development lifecycle (SDLC), ensuring security is considered at each development stage.
• Identify, assess, and coordinate the remediation of product vulnerabilities, staying current with the latest security threats and trends.
• Implement and maintain security tools and automation systems to streamline product security processes.
• Participate in incident response activities, helping to manage and mitigate product-related security incidents.
• Provide training and guidance to development teams on secure coding best practices and product design.
• Ensure products comply with relevant industry security standards and regulations.
• Collaborate closely with engineering, product management, and other teams to embed security into all aspects of product development and deployment.
• Stay abreast of the latest security research, technologies, and methods to continuously enhance product security.
• Conduct risk analysis to understand the impact of potential security threats and develop comprehensive risk management strategies.
• Develop and enforce security policies and procedures related to product development and maintenance.

Requirements:

• Bachelor's degree in information security, information systems, or equivalent experience preferred.
• Relevant experience in IT and information security (infosec).
• Experience working with AWS and Terraform.
• Strong understanding of information security, including broad exposure to cloud infrastructure, systems analysis, application development, vulnerability scanning, policies, procedures, and audits.
• Experience with cloud computing environments, including infrastructure as code, containers, and functions.
• Strong knowledge of CWE Top 25 and OWASP Top 10 vulnerabilities.
• Understanding of the MITRE ATT&CK matrix.
• Experience with code development and ability to read and understand source code in multiple programming languages such as Ruby, PHP, Go, JS, Python.
• Automated and manual web, mobile, and traditional application penetration testing experience.
• Experience with scripting and building automations leveraging tools such as Python and Claude Code.
• Experience leveraging AI in security testing workflows and processes.
• Strong networking and security understanding.
• Understanding of modern web application development technologies such as MVC, JWT, and GraphQL.
• Experience with Burp Suite, SAST, DAST, Container, and Dependency Scanning tools.
• Security certifications such as OSWE, OSCP, CISSP, GPEN, CEH, CCSP, or AWS desired.
• Strong verbal and written communication skills.
• Excellent time management and organizational skills.
• Excellent analytical skills.
• Strong problem-solving and root cause analysis abilities.

Our Fantastic Benefits:

We offer company-wide bonuses based on monthly sales targets, employee referral bonuses, adoption assistance, tuition reimbursement, certification reimbursement, and certification completion bonuses – all within a modern, high-tech, and fun work environment. For more details about our benefits in each office location, please visit www.knowbe4.com/careers/benefits.

Note: An applicant assessment and background check may be part of your hiring procedure.

Individuals seeking employment at KnowBe4 are considered without prejudice to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any other characteristic protected under applicable federal, state, or local law. If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please visit www.knowbe4.com/careers/request-accommodation.

No recruitment agencies, please.