Key skills
AzureCloudLinuxSDLCAzure ADSingle Sign-OnAgileCI/CDCommunicationPenetration Testing
About this role
Role Overview
- Assist in configuring and implementing security best practices in SAST/DAST tools and Microsoft Azure Cloud (domain, MS365 and infrastructure);
- Participate in the implementation of Event Monitoring (SOC and MSS);
- Actively participate in incident handling with CSIRT teams by investigating and reproducing threats;
- Work closely with IT teams and other departments to ensure cybersecurity across the organization;
- Assist teams in remediating/mitigating vulnerabilities and establishing security controls;
- Propose new security solutions based on emerging trends and market technologies;
- Conduct PoCs (proofs of concept) for new technologies and tools to improve department processes;
- Prepare KPIs and technical and management reports;
- Lead initiatives for code reviews, architecture reviews and application design (Mobile, Web, APIs and microservices);
- Drive and maintain the Secure by Design program, secure SDLC and DevSecOps practices;
- Gather requirements for deploying DAST, SAST, IAST, SCA solutions and security tools within CI/CD pipelines;
- Perform Threat Modeling, Code Reviews and internal penetration tests focused on critical applications;
- Conduct workshops and technical training for developers and architects, focusing on vulnerability remediation and secure coding best practices;
- Support the definition of security requirements for new projects and integrations with third-party applications;
- Monitor vulnerabilities in third-party libraries and support secure dependency management;
- Participate in architecture committees and technical reviews to ensure security from the start of the software development lifecycle.
Requirements
- Knowledge of Windows Server and Linux server infrastructure;
- Experience with application security and penetration testing for on-premises and Azure cloud environments;
- Knowledge of Single Sign-On authentication solutions and federation standards such as ADFS and Azure AD;
- Familiarity with security methodologies and frameworks such as ISO 27001/27002, NIST CSF, CIS Top 20, ISF Healthcheck, SUSEP 638, among others;
- Experience with agile methodologies;
- Strong ability to read, interpret and translate texts in English;
- Excellent written and verbal communication skills;
- Skills in automating CI/CD pipelines;
- Proficiency with SAST and DAST tools;
- Knowledge of secure development practices to analyze and remediate vulnerabilities;
- Knowledge of containers and virtualization;
- Experience in threat modeling;
- Understanding of Infrastructure as Code (IaC) concepts;
- Knowledge of agile methodologies, DevSecOps, and certifications such as CSSLP (Certified Secure Software Lifecycle Professional) and CDSP (Certified DevOps Security Professional);
- Degree in information technology or related fields (e.g., Computer Engineering, Computer Science, Information Systems, Data Processing, Information Security, Networking, etc.);
- Postgraduate degree in technology or information security is desirable;
- Desirable information security certifications such as OSCP, OSCE, OSWE, SANS GIAC, CEH, DCPT, CompTIA, CSSLP, CDSP, among others.
Tech Stack
- Azure
- Cloud
- Linux
- SDLC
Benefits
- Profit sharing
- Flexible working hours
- Meal and food vouchers
- Wellhub
- Transportation voucher
- Health insurance
- Dental insurance
- Pharmacy assistance
- Childcare and nanny assistance
- Life insurance
- Travel insurance
- Pension plan
- Maternity kit
- Maternity leave
- Paternity leave