Key skills
AWSCloudDockerJenkinsKubernetesAIArtificial IntelligenceGenerative AILLMAmazon Web ServicesGoogle CloudGitHub ActionsGitLab CIPrismaGitGitHubGitLabCI/CDCommunicationSnykTrivySonarQubeCheckmarxOWASP
About this role
Role Overview
- Work closely with development teams to promote secure development practices (Secure Coding).
- Support the implementation and evolution of Application Security (AppSec) and DevSecOps initiatives.
- Perform security assessments of web applications, APIs, and integrations.
- Identify vulnerabilities and assist teams in remediation and risk mitigation.
- Participate in security-focused code reviews.
- Work with security tools such as SAST, DAST, SCA and vulnerability scanners.
- Support the construction of secure pipelines in CI/CD environments.
- Help define standards, policies and security best practices for applications.
- Participate in initiatives related to security applied to Artificial Intelligence (AI), including data protection, ensuring safe model usage and risk analysis for AI-enabled applications.
- Support risk assessments related to the use of generative AI and intelligent automations within the corporate environment.
- Collaborate with Engineering, Architecture, Cloud and Information Security teams to strengthen solution security.
- Promote security and safe-AI awareness for technical and product teams.
- Monitor trends, threats and best practices related to AppSec, DevSecOps and AI security.
Requirements
- Knowledge of Information Security with a focus on Application Security (AppSec).
- Understanding of secure development and best practices based on the OWASP Top 10.
- Experience or familiarity with application security testing tools:
- SAST: SonarQube, Checkmarx, Semgrep.
- DAST: OWASP ZAP, Burp Suite.
- SCA: Snyk, Dependency-Check.
- Knowledge of REST APIs, modern web applications and microservices.
- Familiarity with CI/CD pipelines using tools such as GitHub Actions, GitLab CI/CD or Jenkins.
- Basic knowledge of cloud computing and security in Amazon Web Services (AWS) or Google Cloud environments.
- Experience with code versioning using Git.
- Knowledge of containers and container security using Docker and Kubernetes.
- Familiarity with cloud and container security tools such as Trivy, Wiz or Prisma Cloud.
- Interest or experience in security applied to Artificial Intelligence (AI), including:
- Security in the use of generative AI.
- Protection of data used by AI models.
- Risk assessment in AI-enabled applications.
- Familiarity with frameworks and best practices such as the OWASP LLM Top 10.
- Good communication skills to work closely with development, engineering and product teams.
- Analytical, collaborative profile with a continuous interest in new technologies and offensive/defensive security.
Tech Stack
- AWS
- Cloud
- Docker
- Jenkins
- Kubernetes
Benefits
- Flash Card (the beloved pink one!) with flexible benefits: meal, grocery, mobility, health, education, culture and wellness
- Health insurance
- Life insurance
- Extended maternity and paternity leave + childcare assistance
- Day off on your birthday 🎂
- Hybrid and flexible work model + home office allowance + in-office experiences
- Exclusive partner discounts via the Flash app
- TotalPass
- Pet care benefit with Guapeco