ORAEX CLOUD CONSULTING

Senior Platform Security Engineer – Ruby, API Security, Authentication

full-time

Location Type: Hybrid

Location: São Paulo, Brazil

About the role

  • Serve as a technical security lead for platform security, focusing on internal APIs and authentication solutions.
  • Develop, maintain, and evolve tools, libraries, and APIs in Ruby to integrate security controls directly into platform services.
  • Design and implement robust API security mechanisms, ensuring proper application of OAuth 2.0, OpenID Connect (OIDC), JWT, and least-privilege practices.
  • Define and implement API security controls, including authentication, authorization, rate limiting, input validation, and protection of data in transit and at rest.
  • Integrate SAST, DAST, and SCA practices and tools into the CI/CD pipeline, ensuring code and artifacts meet security standards.
  • Conduct security code reviews, especially for Ruby services, and actively participate in defining secure architectures.
  • Support the incident response team in investigating and remediating application and platform vulnerabilities.
  • Act as a technical partner to Platform and Product teams, providing security best-practice guidance and enabling developers.
  • Create and maintain technical documentation, playbooks, and security engineering standards for internal and external consumption.

Requirements

  • Strong hands-on experience as a software engineer, preferably focused on APIs or platform services.
  • Proficiency in Ruby and its ecosystem, with experience building scalable applications.
  • Deep knowledge of API security, including authentication, authorization, rate limiting, input validation, and data protection.
  • Practical experience with OAuth 2.0, OpenID Connect (OIDC), and JWT.
  • Experience with Infrastructure as Code (IaC), microservices architectures, and container security (Docker/Kubernetes).
  • Familiarity with security and services from at least one major cloud provider (AWS, GCP, or Azure).
  • Experience with SAST, DAST, and SCA tools and integrating them into the development lifecycle.
  • Ability to work hands-on while also providing technical guidance to less experienced colleagues.
  • Experience with security-by-design practices and secure architecture and code review.

Applicant Tracking System Keywords

Hard Skills & Tools

Ruby, API security, OAuth 2.0, OpenID Connect, JWT, Infrastructure as Code, microservices, container security, SAST, DAST

Soft Skills

technical guidance, collaboration, problem-solving, communication, leadership