Design, implement, and maintain security controls across application, infrastructure, and cloud platforms using security engineering principles, automation, and enterprise standards.
Integrate security into development and DevOps workflows by implementing DevSecOps tooling, promoting secure coding practices, and ensuring security is embedded throughout the delivery lifecycle.
Identify, assess, and prioritize security vulnerabilities, coordinating scanning, analysis, and remediation efforts with engineering and operations teams.
Monitor security events, investigate threats, and participate in incident response, applying detection, analysis, and containment procedures to minimize impact.
Act as a trusted security advisor by guiding architectural decisions, conducting threat modeling, and influencing secure design across teams.
Continuously enhance security maturity by developing automation, refining security standards, and contributing to documentation and security frameworks.
Requirements
Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or a related technical field (or equivalent experience).
Experience with security engineering across applications, infrastructure, cloud, and data environments.
Knowledge of SSDLC and DevSecOps practices.
Experience with cloud security architecture and controls (AWS, Azure, GCP).
Strong understanding of IAM, secrets management, and key management.
Experience with infrastructure and container security.
Background in vulnerability management and remediation workflows.
Experience with threat modeling and security risk assessments.
Knowledge of security monitoring, logging, and incident response processes.
Scripting and automation skills (Python, Bash, Terraform, or similar).
Familiarity with security frameworks and standards such as ISO 27001, NIST, and OWASP.
Strong communication skills and the ability to influence stakeholders.
Advanced English and availability to travel to São Carlos/SP when needed.