ARCHIVED
This job listing has been archived and is no longer accepting applications.
MisuJob - AI Job Search Platform MisuJob
Login Sign Up

AppSec Engineer

Addi

Bogotá, Colombia Remote permanent

Posted: January 8, 2026

Interested in this position?

Create a free account to apply with AI-powered matching

Register to Apply

Quick Summary

We are looking for an AppSec Engineer to join our team in Bogotá, Colombia, to design and implement secure software solutions for our financial platform.

Required Skills

Secure Software Development Lifecycle Threat Modeling Vulnerability Management CI/CD Security Risk Reduction Compliance Regulatory Approval Financial Services Technology

Job Description

About Addi

We are a leading financial platform, building the future of payments, shopping, and banking—a world where consumers and merchants can transact effortlessly, grow together and where we create abundance and generate pride in them. Today, we serve over 2 million customers and partner with more than 20,000 merchants, making Addi Colombia’s fastest-growing marketplace.

We provide banking solutions (deposits, payments, unsecured credit) and commerce services (e-commerce, marketing) using state-of-the-art technology, bridging the financial gap for millions and redefining how people experience financial freedom. As the country’s leading Buy Now, Pay Later provider, we have secured regulatory approval to operate as a bank, unlocking even greater opportunities for our customers. In the past year, we have also achieved profitability, reinforcing the strength of our business model and our ability to scale sustainably.

Our mission has earned the trust of world-class investors, including Andreessen Horowitz, Architect Capital, GIC, Goldman Sachs, Greycroft, Monashees, Notable Capital, Quona Capital, Union Square Ventures, Victory Park Capital, and more, who back our vision for the future. With their support, we are not just growing—we are transforming Latin America’s financial ecosystem and shaping the next generation to shop, pay, and bank in Colombia.

But what truly sets us apart is how we build. We are a conscious company, driven by deep experience in scaling technology, services and products, and we live by our values every day.

About the Role

This is where you come in. Below, you’ll find what this role is all about—the impact you’ll drive, the challenges you’ll tackle, and what it takes to thrive at Addi. If you’re ready to be part of something big, keep reading.

What’s the mission you’ll drive

Design, implement, and operate the Secure Software Development Lifecycle (SSDLC) end to end, embedding security requirements, threat modeling, testing, and vulnerability management into the development process to reduce application risk at scale.

What you will do

• Design and implement a standardized Secure Software Development Lifecycle (SSDLC) across web, mobile, API, and AI-enabled services, embedding security into SDLC and CI/CD workflows to achieve ≥90% coverage of critical business flows and ≥50% team adoption by the end of 2026, with measurable reduction in post-release high-severity vulnerabilities.

• Establish and operate a consistent threat modeling practice for new and high-risk applications using recognized frameworks, ensuring ≥60% of critical services have documented threat models and approved security requirements before production by the end of Q3 2026, while preventing ≥70% of high-risk design issues prior to implementation.

• Own the end-to-end application vulnerability management lifecycle across code, dependencies, APIs, and mobile applications, ensuring ≥70% of critical vulnerabilities are remediated within SLAs by the end of Q2 2026, with continuous quarter-over-quarter reduction in open critical findings.

• Implement and operate automated application security testing within CI/CD pipelines, including secret detection, SAST, dependency, DAST, and mobile testing, achieving ≥80% production application coverage by the end of 2026, reducing false positives by ≥30%, and enabling developers to remediate ≥75% of high-severity findings within the same sprint.

• Plan and manage application security assessments, penetration tests, and adversarial exercises for critical applications, ensuring 100% of high-risk findings are tracked and remediated within SLAs, and demonstrating year-over-year reduction in recurring high-risk issues.

What we’re looking for

• Hands-on Expertise in Application Security Testing & Tooling

• Experienced in using and maintaining application security tools such as Burp Suite, MobSF, trufflehog, Nuclei, and manual code review, including SAST, DAST, and mobile testing solutions.

• Tunes tools to reduce false positives and ensures findings are actionable and developer-friendly.

• Integrates automated security testing seamlessly into CI/CD pipelines and developer workflows.

• Demonstrated Ability to Lead Threat Modeling & Secure Design

• Conducts structured threat modeling sessions using frameworks such as DREAD, PASTA, and STRIDE to identify and assess design-level risks.

• Translates threat model outputs into clear, prioritized security requirements and architectural controls.

• Applies deep understanding of common threat patterns, including OWASP Top 10, API security, mobile, web, and AI-related risks.

• Strong Capability in Vulnerability Management & Remediation Support

• Manages application vulnerabilities end to end, from identification through remediation verification and closure.

• Prioritizes vulnerabilities based on technical severity, exploitability, and business impact.

• Partners closely with engineering teams to guide remediation efforts and reduce recurring issues.

• Track Record of Delivering Security Assessments, Pentesting & Adversarial Testing

• Brings 3+ years of experience coordinating and supporting penetration tests, security assessments, and red team or adversarial exercises.

• Analyzes assessment outcomes to identify root causes and drive measurable security improvements.

• Ensures findings are systematically tracked, remediated, and incorporated into continuous improvement cycles.

• Experienced in Cross-Functional Collaboration & Developer Enablement

• Acts as a trusted security partner to engineering teams, balancing risk management with delivery velocity.

• Possesses hands-on development experience in at least one programming language (e.g., Java or Python) to enable practical, code-level guidance.

• Communicates security risks clearly and pragmatically, contributes to secure coding education, and leverages AI to automate controls or expand security coverage.

Why join us?

• Work on a problem that truly matters – We are redefining how people shop, pay, and bank in Colombia, breaking down financial barriers and empowering millions. Your work will directly impact customers' lives by creating more accessible, seamless, and fair financial services.

• Be part of something big from the ground up – This is your chance to help shape a company, influencing everything from our technology and strategy to our culture and values. You won’t just be an employee—you’ll be an owner

• Unparalleled growth opportunity – The market we’re tackling is massive, and we’re growing faster than almost any fintech lender at our stage. If you’re looking for a high-impact role in a company that’s scaling fast, this is it.

• Join a world-class team – Work alongside top-tier talent from around the world, in an environment where excellence, ownership, and collaboration are at the core of everything we do. We care deeply about what we build and how we build it—and we want you to be a part of it.

• Competitive compensation & meaningful ownership – We believe in rewarding our talent. You’ll receive a generous salary, equity in the company, and benefits that go beyond the basics to support your growth.

How the hiring process looks like

We believe in a fast, transparent, and engaging hiring experience that allows both you and us to determine if there's a great fit. Here’s what our process looks like:

• Step 1: People Interview (30 min)
A conversation with a recruiter or hiring manager to get to know you, your experience, and what you're looking for. We’ll also share more about Addi, our culture, and the role.

• Step 2: Initial Interview (60 min)
A more in-depth conversation with our Head of Cybersecurity, where we explore your skills, experience, and problem-solving approach. We want to understand how you think and work.

• Step 3: Deep Dive Interview (60 min)
You'll meet future colleagues and cross-functional team members to get a feel for how we work together. We’re looking for strong contributors and cultural fits, so bring your questions, too!

• Step 4: Case Study (3-5 Days)
You may receive a real-world challenge or case study to complete. This is a chance to showcase your expertise and how you approach key problems relevant to the role.

• Step 5: Co-Founder Interview
If there’s a strong match, you’ll have a final conversation with our Founder to align on expectations, cultural fit and ensure mutual excitement. From there, we’ll move quickly to an offer and discuss next steps.

We value efficiency and respect for your time, so we aim to complete the process as quickly as possible. Our goal is to make this experience insightful and exciting for you, just as much as it is for us. Regardless of the outcome, we are committed to always providing feedback, ensuring that you walk away with valuable insights from your experience with us.

Why Apply Through MisuJob?

AI-Powered Job Matching: MisuJob uses advanced artificial intelligence to analyze your skills, experience, and career goals. Our matching algorithm compares your profile against thousands of job requirements to find positions where you have the highest chance of success. This saves you hours of manual job searching and ensures you only see relevant opportunities.

One-Click Applications: Once you create your profile, applying to jobs is effortless. Your resume and cover letter are automatically tailored to highlight the most relevant experience for each position. You can apply to multiple jobs in minutes, not hours.

Career Intelligence: Beyond job matching, MisuJob provides valuable career insights. See how your skills compare to market demands, identify skill gaps to address, and understand salary benchmarks for your experience level. Make data-driven decisions about your career path.

Frequently Asked Questions

How do I apply for this position?

Click the "Register to Apply" button above to create a free MisuJob account. Once registered, you can apply with one click and track your application status in your dashboard.

Is MisuJob free for job seekers?

Yes, MisuJob is completely free for job seekers. Create your profile, get matched with jobs, and apply without any cost. We help you find your dream job without any hidden fees.

How does AI matching work?

Our AI analyzes your resume, skills, and experience to understand your professional profile. It then compares this against job requirements using natural language processing to calculate a match percentage. Higher matches mean better fit for the role.

Can I apply to jobs in other countries?

Absolutely. MisuJob features jobs from companies worldwide, including remote positions. Filter by location or look for remote opportunities to find jobs that match your preferences.

Ready to Apply?

Join thousands of job seekers using MisuJob's AI to find and apply to their dream jobs automatically.

Create Free Account Sign In
← Browse all jobs
Register to Apply