Contact Us

Hybrid Information Security Coordinator – Security Engineering

at BMG

Visit BMG websiteVisit BMG LinkedIn

Posted last month

Apply now

About the role

  • Security Engineering Coordinator leading security teams at Banco Bmg. Focus on secure development practices and collaboration across technical and product squads.

Responsibilities

  • Lead the Security Engineering team - Security Architecture, Attack Surface Management and Application Security (DevSecOps)
  • Coordinate and guide teams responsible for the secure development lifecycle (SDLC), defining secure architectural standards and the continuous management of the organization’s attack surface.
  • Distribute tasks, monitor indicators, review priorities and promote a collaborative environment among technology, product and infrastructure squads.
  • Define and maintain the security strategy for applications, architecture and external risk management.
  • Ensure adherence to frameworks and best practices such as CIS Controls, NIST CSF, OWASP, ISO 27001, MITRE ATT&CK and internal policies.
  • Participate in the development and evolution of security policies, standards and technical requirements.
  • Lead Secure by Design and Shift Left initiatives, integrating security practices into the CI/CD pipeline.
  • Structure and supervise programs such as SAST, DAST, SCA, IaC scanning, Threat Modeling, security reviews and advanced testing (including pentests).
  • Support developers and agile teams with training, guidance and secure coding standards.
  • Define the corporate security architecture, ensuring that solutions and projects are designed with Zero Trust, Defense in Depth and data protection principles.
  • Evaluate new technologies, review architectural proposals and support cloud journeys, system modernization and platform integrations.
  • Identify logical and complex vulnerabilities not detectable by automated tools.
  • Perform advanced manual analyses of code, APIs, authentication, cryptography and authorization controls.
  • Serve as a technical reference in discussions with IT, business and compliance areas.
  • Coordinate identification and continuous monitoring of internet-exposed assets, external vulnerabilities, shadow IT and third-party risks.
  • Manage ASM tools, external scanners, threat intelligence and remediation processes in collaboration with infrastructure and development teams.
  • Produce executive reports and risk analyses to support decision-making.
  • Facilitate communication between technical teams, management, auditors, vendors and technology partners.
  • Translate technical risks into clear executive language to support prioritization and strategic alignment.

Requirements

  • Previous experience in leadership or coordination roles of security teams.
  • Strong experience in at least two of the following areas:
  • Application Security
  • Security Architecture
  • Vulnerability Management / ASM
  • Strong experience with cloud environments (AWS, Azure, GCP and OCI) and modern architectures (microservices, Kubernetes, APIs).
  • Deep fundamentals in application security, cryptography, OWASP Top 10, secure coding standards and CI/CD integrations.
  • Proficiency with frameworks and references such as:
  • NIST CSF / SP 800-53
  • CIS Controls v8
  • OWASP SAMM
  • MITRE ATT&CK / D3FEND
  • OWASP ASVS
  • NIST 800-115
  • Knowledge of common tools:
  • SAST/DAST
  • SCA
  • ASM
  • Experience with Threat Modeling and architectural review.
  • Experience with WAF, DLP, EDR, proxy, API management, NDR.
  • Ability to communicate clearly, adapting language for technical and executive audiences.
  • Problem-solving orientation, prioritization and risk-based decision making.
  • Ability to lead multidisciplinary teams, influence stakeholders and navigate complex environments.
  • Adversarial mindset ("offensive mindset") with ethics and responsibility.
  • Desired certifications:
  • CISSP, CCSP, CSSLP, CISM, CEH, Security+
  • Cloud certifications: AWS Security, Azure AZ-500, GCP Security and OCI
  • Advanced English

Benefits

  • Health plan with no monthly fee + Telemedicine;
  • Dental plan with no monthly fee;
  • Meal and food vouchers;
  • Life insurance;
  • Funeral assistance;
  • Private pension plan;
  • Competitive annual variable compensation (bonus);
  • PPR - Profit Sharing Program;
  • Único Skill (free education benefit);
  • Bike rack and changing rooms;
  • Childcare assistance;
  • Internet allowance;
  • Wellness programs;
  • On-site clinic;
  • Pregnancy program;
  • Extended maternity and paternity leave;
  • Copay waiver for pregnant women and babies up to 1 year;
  • Personalized baby kit;
  • Dr. BMG – Telepsychology + Telemedicine + Nutritionist + Nurse and Physical Education professional, extended to dependents;
  • PAP - Financial, legal and psychological advisory program;
  • Gympass/Wellhub - Discounts at gyms;
  • Pharmacy discount program;
  • Fresh fruit every day;
  • Birthday day off;
  • Flexible dress code;
  • Hybrid work model.

Job title

Information Security Coordinator – Security Engineering

Job type

Full Time

Experience level

Mid levelSenior

Salary

Not specified

Degree requirement

No Education Requirement

Tech skills

AssemblyAWSAzureCloudGoogle Cloud PlatformKubernetesSDLC

Location requirements

HybridSao PauloBrazil

Report this job

See something inaccurate? Let us know and we'll update the listing.

Report job

Similar roles

Browse all Security Engineer jobs