KnowBe4 is the global leader in Human Risk Management, trusted by over 70,000 organizations worldwide to secure their employees and AI agents for over 15 years. We're pioneering a new era of security. AI-powered since 2016. And market-leading since day one.
Our HRM+ combines continuous risk intelligence, advanced technical defenses, and personalized training to help organizations build strong security cultures. We help organizations understand, measure, and reduce human risk across their entire workforce, defending against deepfakes and emerging AI-powered threats.
We believe that protecting organizations from cyberthreats and creating a positive environmental impact go hand in hand. True resilience is collective; it requires us to protect our people, our data, and our planet.
Please submit your resume in English.
To learn more about our team and office culture in São Paulo, Brazil, see our Careers page, Glassdoor, and LinkedIn.
The Product Security Engineer performs all processes and procedures necessary to ensure the safety of KnowBe4 applications and cloud environments. The primary responsibility is to protect the privacy, confidentiality, integrity, and availability of company and customer data by conducting security assessments, triaging security findings, and proactively assisting the IT and engineering teams in developing secure applications and securing our cloud environments.
Responsibilities:
• Conduct regular security assessments and code reviews to identify vulnerabilities and ensure compliance with security standards.
• Develop and maintain threat models for products, understanding potential threats and devising strategies to mitigate them.
• Integrate security practices into the software development lifecycle, ensuring that security is considered at each stage of development.
• Identify, assess, and coordinate the remediation of vulnerabilities within products. This includes staying up-to-date with the latest security threats and trends.
• Implement and maintain security tools and automation systems to streamline security processes for product security.
• Participate in incident response activities, helping to manage and mitigate security incidents related to the product.
• Provide training and guidance to development teams on best practices in secure coding and product design.
• Ensure products comply with relevant industry security standards and regulations.
• Work closely with engineering, product management, and other teams to ensure security is a key consideration in all aspects of product development and deployment.
• Stay abreast of the latest security research, technologies, and methods to continuously improve product security.
• Conduct risk analysis to understand the impact of potential security threats and develop risk management strategies.
• Develop and enforce security policies and procedures related to product development and maintenance.
Requirements:
• Bachelor’s degree in information security, information systems, or similar experience preferred
• Relevant field or experience in IT and infosec
• Experience working in AWS and with Terraform
• Strong understanding of information security, including a broad range of exposure to cloud infrastructure, systems analysis and application development, vulnerability scanning, policies and procedures, and audits
• Experience with cloud computing environments, including infrastructure as code, containers, and functions
• Strong knowledge of CWE Top 25 and OWASP Top 10 vulnerabilities
• Understanding of the MITRE ATT&CK matrix
• Experience with code development and the ability to read and understand source code in several programming languages such as Ruby, PHP, Go, JS, Python
• Automated and manual web, mobile, and traditional application pentesting experience
• Experience with scripting and building automations leveraging tools such as Python and Claude Code
• Experience leveraging AI in your security testing workflows and processes
• Strong networking and security understanding
• Understanding of modern web application development technologies such as MVC, JWT, GraphQL
• Experience with Burp Suite, SAST, DAST, container and dependency scanning tools
• Security certification such as OSWE, OSCP, CISSP, GPEN, CEH, CCSP, AWS desired
• Strong verbal and written communications
• Excellent time management and organization skills
• Excellent analytical skills
• Strong problem solving and root cause analysis abilities
Our Fantastic Benefits
We offer company-wide bonuses based on monthly sales targets, employee referral bonuses, adoption assistance, tuition reimbursement, certification reimbursement, and certification completion bonuses - all in a modern, high-tech, and fun work environment. For more details about our benefits in each office location, please visit www.knowbe4.com/careers/benefits.
Note: An applicant assessment and background check may be part of your hiring procedure.
Individuals seeking employment at KnowBe4 are considered without prejudice to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation or any other characteristic protected under applicable federal, state, or local law. If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please visit www.knowbe4.com/careers/request-accommodation.
No recruitment agencies, please.