Key skills
AWSCloudDynamoDBKubernetesSDLCTerraformAIGitHub ActionsEKSLambdaS3IAMAPI GatewayJWTCognitoGitHubIstioCI/CDCloud SecurityWAF
About this role
Role Overview
- Develop and implement AuthN/AuthZ mechanisms for APIs, microservices, and enterprise integrations using mTLS and OAuth2
- Design and implement security solutions integrated with the cloud and DevOps pipelines
- Automate deployment of security resources and solutions using Infrastructure as Code (IaC) — Terraform and GitHub Actions
- Integrate security analysis tools (SAST, DAST, SCA, IAST) into CI/CD pipelines
- Apply and automate hardening for EKS, Istio, Lambda, and infrastructure provisioned via Terraform
- Implement security policies and encryption controls for S3, DynamoDB, and other AWS services
- Manage digital certificates via ACM and secrets via Secrets Manager
- Support development teams in adopting secure patterns and remediating vulnerabilities
- Automate security validations and drive continuous improvement
- Document technical standards and security best practices
Requirements
- Strong experience in AWS Cloud Security, including IAM (RBAC/ABAC), KMS, Secrets Manager, Certificate Manager (ACM), CloudTrail, GuardDuty, WAF, Macie, and Security Hub
- Experience developing and implementing security solutions, including building reusable components, automating controls, and securing integrations between systems
- Hands-on experience with DevSecOps, integrating SAST, DAST, SCA, IAST, and IaC security into CI/CD pipelines (GitHub Actions)
- Knowledge of Authentication and Authorization (AuthN/AuthZ) for APIs and enterprise integrations, using OAuth2, OpenID Connect, JWT, JWE, and mTLS
- Experience securing APIs and microservices
- Experience with AWS services: API Gateway, Cognito, Lambda, DynamoDB, S3, and Load Balancers (ALB/NLB)
- Knowledge of Kubernetes (EKS) and Istio, including mTLS between services, network policies, access control, and workload hardening
- Experience with Infrastructure as Code (Terraform), applying policy-as-code, automated validation, and secure configurations
- Strong knowledge of cryptography, digital certificates (PKI), TLS/mTLS, and protection of data in transit and at rest
- Experience with SDLC/SSDLC and secure development practices
- Intermediate/advanced English and Spanish
- AWS or security certifications (AWS Security Specialty, Solutions Architect, DevOps Engineer, Security+, or similar) — desirable
- Experience with Threat Modeling and MITRE ATT&CK — desirable
- Development of internal security frameworks or libraries — desirable
- Use of AI applied to security automation and analysis — desirable
- Experience in regulated environments (financial sector) — desirable
Tech Stack
- AWS
- Cloud
- DynamoDB
- Kubernetes
- SDLC
- Terraform
Benefits
- Porto Seguro medical insurance
- Porto Seguro dental insurance
- Profit Sharing (PLR)
- Childcare assistance
- Alelo meal and food vouchers
- Home office allowance
- Partnerships with educational institutions
- Support for certifications, including cloud certifications
- Livelo points
- Total Pass membership
- Mindself