Implement, test, and operate advanced software security techniques in accordance with the organization's secure development policy.
Perform continuous security testing on code, websites, and portals, tracking and coordinating fixes with the responsible teams.
Maintain security governance by reviewing and improving policies, procedures, standards, and technical guidance.
Monitor and maintain security indicators (KRIs and KPIs), producing reports and recommendations for improvement.
Actively participate in software requirements analysis, defining security actions from the early stages of projects.
Anticipate vulnerabilities and propose preventive measures during the application design phase.
Address and mitigate security issues in code, promoting fixes and secure coding best practices.
Ensure closure of the security cycle during the maintenance phase by continuously assessing and monitoring systems.
Design secure architectures for systems and applications.
Review, propose, and maintain information security policies, standards, and procedures.
Ensure compliance with frameworks (ISO 27001, PCI, NIST, SABSA) and with the LGPD (Brazilian Data Protection Law).

Bachelor's degree in Information Systems, Computer Science, Computer Engineering, or a related field.
Previous experience in application security, vulnerability analysis, penetration testing (pentest), and enforcing security policies.
Ability to work collaboratively with development, infrastructure, and compliance teams.
Experience with DevSecOps, CI/CD, and automation of security testing.
Knowledge of secure development methodologies (SSDLC).
Familiarity with security frameworks (ISO 27001, NIST, OWASP SAMM, etc.).
Certifications such as CEH, CompTIA Security+, ISO 27001 Foundation, OWASP, or similar.
Knowledge of cloud security (AWS, Azure, GCP) and containers (Docker, Kubernetes).

Information Security Analyst – Senior

Key skills