Security Analyst – MCP & Application
OneSeven Tech (OST)
Security Analyst securing agentic AI infrastructure for OneSeven Tech. Focus on MCP security while developing security posture and managing application security backlog.
Tech Stack
Tools & technologies: AWS, Cloud, Vault
About the role
Key responsibilities & impact
- Own the security posture of the MCP infrastructure: define and implement JWT-based authentication, manage secrets, and establish controls for tool-use and agent interactions
- Identify and remediate prompt injection risks, unauthorized tool invocations, and privilege escalation vectors in the agentic layer
- Review and harden AWS infrastructure configurations: IAM policies, VPC rules, secrets exposure, logging and alerting
- Work through the client's existing application security backlog — issues currently handled ad hoc by IT and senior devs that need a permanent, focused owner
- Partner with the engineering team to review new integrations and MCP components before they ship, and establish a repeatable pre-ship security review process
- Document security controls, threat models, and remediation history so the client team can operate independently over time
Requirements
What you’ll need
- Hands-on application security engineering experience — not consulting or auditing only.
- JWT token validation and API key management in production — scoped access patterns, token lifecycle, revocation logic
- Authentication and authorization design: OAuth 2.0, API key management, scoped access patterns in production systems
- Secrets management in cloud environments: AWS Secrets Manager, Vault, or equivalent — not just knowing they exist, but owning the implementation
- Experience identifying and mitigating prompt injection, tool misuse, and trust boundary issues in AI/LLM systems — or a strong OWASP Top 10 foundation with demonstrated ability to apply it to new attack surfaces
- Comfortable working as the sole security voice on a team — able to raise concerns diplomatically, hold the line technically, and prioritize a backlog without a security manager above you
- Near-native English — daily async communication with a US-based client team and technical lead
Benefits
Comp & perks
- $4000 - $5500/month — paid in USD, bi-weekly via Deel
- US Eastern Time hours (EST) — Monday to Friday, 9:00 AM–6:00 PM EST
- Fully Remote — work from anywhere in Latin America
- Long-term contract — starting with a 6-month contract, with potential to extend
- Paid PTO — accrual begins after 3-month trial period
- Referral Program — earn a bonus for referring talent that gets hired
ATS Keywords
Hard Skills & Tools
application security engineering, JWT token validation, API key management, authentication design, authorization design, secrets management, prompt injection mitigation, OWASP Top 10, cloud security, VPC rules
Soft Skills
diplomatic communication, independent operation, backlog prioritization, team collaboration, concern raising