Implement and evolve Cybersecurity practices with a focus on DevSecOps, Application Security (AppSec) and security process automation;
Support the integration of security controls into CI/CD pipelines (Jenkins, Azure DevOps and GitLab), contributing to SSDLC adherence and continuous improvement of secure development processes;
Perform security analyses, tests and validations on applications, identifying vulnerabilities and supporting their remediation with development teams;
Develop and maintain automations in Python and/or Shell Script to optimize Cybersecurity activities, including metric collection, report generation and tool integrations;
Support initiatives applying Artificial Intelligence and LLMs in security processes, contributing to analysis, information correlation and automation of operational activities;
Work together with AppSec, CTU, Risk Remediation, Development and Infrastructure teams to implement security improvements and follow up on technical requests;
Analyze vulnerabilities identified by SAST, SCA, DAST and infrastructure scanners, supporting risk prioritization and remediation;
Produce metrics, dashboards and operational and management reports related to Cybersecurity initiatives and processes;
Contribute to area projects and initiatives, participating in the definition and implementation of technical solutions aligned with security best practices.
Requirements
Experience in DevOps and/or DevSecOps environments;
Knowledge of CI/CD pipelines (Jenkins, Azure DevOps, GitLab);
Familiarity with version control (Git);
Experience with containerization and orchestration using Docker and Kubernetes;
Knowledge of security tools integrated into the development lifecycle (SAST, SCA, DAST);
Experience with automation using Python and/or Shell Script;
Understanding of Application Security (AppSec) concepts and SSDLC;
Familiarity with Artificial Intelligence concepts, LLMs, AI APIs and process automation;
Knowledge of agile methodologies (Scrum and Kanban);
Strong analytical skills, problem-solving ability and effective communication with multidisciplinary teams.