openashbyhqa16z
AppSec Engineer
ADDI
LocationColombia, Argentina
WorkplaceRemote
EmploymentFullTime
Posted2026-01-08T21:30:32.476+00:00
Last observed2026-06-16 14:52:46.017614
Job ida16z-addi:ashbyhq:31f7cc88-99d0-47a7-8462-f092ce41b699
ABOUT ADDI We are a leading financial platform, building the future of payments, shopping, and banking—a world where consumers and merchants can transact effortlessly, grow together and where we create abundance and generate pride in them. Today, we serve over 2 million customers and partner with more than 20,000 merchants, making Addi Colombia’s fastest-growing marketplace. We provide banking solutions (deposits, payments, unsecured credit) and commerce services (e-commerce, marketing) using state-of-the-art technology, bridging the financial gap for millions and redefining how people experience financial freedom. As the country’s leading Buy Now, Pay Later provider, we have secured regulatory approval to operate as a bank, unlocking even greater opportunities for our customers. In the past year, we have also achieved profitability, reinforcing the strength of our business model and our ability to scale sustainably. Our mission has earned the trust of world-class investors, including Andreessen Horowitz, Architect Capital, GIC, Goldman Sachs, Greycroft, Monashees, Notable Capital, Quona Capital, Union Square Ventures, Victory Park Capital, and more, who back our vision for the future. With their support, we are not just growing—we are transforming Latin America’s financial ecosystem and shaping the next generation to shop, pay, and bank in Colombia. But what truly sets us apart is how we build. We are a conscious company, driven by deep experience in scaling technology, services and products, and we live by our values https://co.addi.com/trabaja-con-nosotros#:~:text=%E2%80%A2%20We%20are%20owners,dentro%20del%20equipo. every day. ABOUT THE ROLE This is where you come in. Below, you’ll find what this role is all about—the impact you’ll drive, the challenges you’ll tackle, and what it takes to thrive at Addi. If you’re ready to be part of something big, keep reading. WHAT’S THE MISSION YOU’LL DRIVE Design, implement, and operate the Secure Software Development Lifecycle (SSDLC) end to end, embedding security requirements, threat modeling, testing, and vulnerability management into the development process to reduce application risk at scale. WHAT YOU WILL DO - Design and implement a standardized Secure Software Development Lifecycle (SSDLC) across web, mobile, API, and AI-enabled services, embedding security into SDLC and CI/CD workflows to achieve ≥90% coverage of critical business flows and ≥50% team adoption by the end of 2026, with measurable reduction in post-release high-severity vulnerabilities. - Establish and operate a consistent threat modeling practice for new and high-risk applications using recognized frameworks, ensuring ≥60% of critical services have documented threat models and approved security requirements before production by the end of Q3 2026, while preventing ≥70% of high-risk design issues prior to implementation. - Own the end-to-end application vulnerability management lifecycle across code, dependencies, APIs, and mobile applications, ensuring ≥70% of critical vulnerabilities are remediated within SLAs by the end of Q2 2026, with continuous quarter-over-quarter reduction in open critical findings. - Implement and operate automated application security testing within CI/CD pipelines, including secret detection, SAST, dependency, DAST, and mobile testing, achieving ≥80% production application coverage by the end of 2026, reducing false positives by ≥30%, and enabling developers to remediate ≥75% of high-severity findings within the same sprint. - Plan and manage application security assessments, penetration tests, and adversarial exercises for critical applications, ensuring 100% of high-risk findings are tracked and remediated within SLAs, and demonstrating year-over-year reduction in recurring high-risk issues. WHAT WE’RE LOOKING FOR - Hands-on Expertise in Application Security Testing & Tooling - Experienced in using and maintaining application security tools such as Burp Suite, MobSF, trufflehog, Nucle
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.