Cybersecurity Consultant focused on defining and evolving security controls for diverse technology environments. Collaborating on secure architectures and assessing system configurations in cloud settings.
About the role
- Security Engineering Coordinator leading security teams at Banco Bmg. Focus on secure development practices and collaboration across technical and product squads.
Responsibilities
- Lead the Security Engineering team - Security Architecture, Attack Surface Management and Application Security (DevSecOps)
- Coordinate and guide teams responsible for the secure development lifecycle (SDLC), defining secure architectural standards and the continuous management of the organization’s attack surface.
- Distribute tasks, monitor indicators, review priorities and promote a collaborative environment among technology, product and infrastructure squads.
- Define and maintain the security strategy for applications, architecture and external risk management.
- Ensure adherence to frameworks and best practices such as CIS Controls, NIST CSF, OWASP, ISO 27001, MITRE ATT&CK and internal policies.
- Participate in the development and evolution of security policies, standards and technical requirements.
- Lead Secure by Design and Shift Left initiatives, integrating security practices into the CI/CD pipeline.
- Structure and supervise programs such as SAST, DAST, SCA, IaC scanning, Threat Modeling, security reviews and advanced testing (including pentests).
- Support developers and agile teams with training, guidance and secure coding standards.
- Define the corporate security architecture, ensuring that solutions and projects are designed with Zero Trust, Defense in Depth and data protection principles.
- Evaluate new technologies, review architectural proposals and support cloud journeys, system modernization and platform integrations.
- Identify logical and complex vulnerabilities not detectable by automated tools.
- Perform advanced manual analyses of code, APIs, authentication, cryptography and authorization controls.
- Serve as a technical reference in discussions with IT, business and compliance areas.
- Coordinate identification and continuous monitoring of internet-exposed assets, external vulnerabilities, shadow IT and third-party risks.
- Manage ASM tools, external scanners, threat intelligence and remediation processes in collaboration with infrastructure and development teams.
- Produce executive reports and risk analyses to support decision-making.
- Facilitate communication between technical teams, management, auditors, vendors and technology partners.
- Translate technical risks into clear executive language to support prioritization and strategic alignment.
Requirements
- Previous experience in leadership or coordination roles of security teams.
- Strong experience in at least two of the following areas:
- Application Security
- Security Architecture
- Vulnerability Management / ASM
- Strong experience with cloud environments (AWS, Azure, GCP and OCI) and modern architectures (microservices, Kubernetes, APIs).
- Deep fundamentals in application security, cryptography, OWASP Top 10, secure coding standards and CI/CD integrations.
- Proficiency with frameworks and references such as:
- NIST CSF / SP 800-53
- CIS Controls v8
- OWASP SAMM
- MITRE ATT&CK / D3FEND
- OWASP ASVS
- NIST 800-115
- Knowledge of common tools:
- SAST/DAST
- SCA
- ASM
- Experience with Threat Modeling and architectural review.
- Experience with WAF, DLP, EDR, proxy, API management, NDR.
- Ability to communicate clearly, adapting language for technical and executive audiences.
- Problem-solving orientation, prioritization and risk-based decision making.
- Ability to lead multidisciplinary teams, influence stakeholders and navigate complex environments.
- Adversarial mindset ("offensive mindset") with ethics and responsibility.
- Desired certifications:
- CISSP, CCSP, CSSLP, CISM, CEH, Security+
- Cloud certifications: AWS Security, Azure AZ-500, GCP Security and OCI
- Advanced English
Benefits
- Health plan with no monthly fee + Telemedicine;
- Dental plan with no monthly fee;
- Meal and food vouchers;
- Life insurance;
- Funeral assistance;
- Private pension plan;
- Competitive annual variable compensation (bonus);
- PPR - Profit Sharing Program;
- Único Skill (free education benefit);
- Bike rack and changing rooms;
- Childcare assistance;
- Internet allowance;
- Wellness programs;
- On-site clinic;
- Pregnancy program;
- Extended maternity and paternity leave;
- Copay waiver for pregnant women and babies up to 1 year;
- Personalized baby kit;
- Dr. BMG – Telepsychology + Telemedicine + Nutritionist + Nurse and Physical Education professional, extended to dependents;
- PAP - Financial, legal and psychological advisory program;
- Gympass/Wellhub - Discounts at gyms;
- Pharmacy discount program;
- Fresh fruit every day;
- Birthday day off;
- Flexible dress code;
- Hybrid work model.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Automotive Cybersecurity Specialist responsible for analyzing cybersecurity requirements and ensuring secure systems. Collaborating across teams to develop cybersecurity strategies and technical implementations.
Information System Security Officer responsible for cybersecurity assessments and security policy implementation. Working with a diverse team on telecommunication systems to achieve Authority to Operate (ATO).
Target Security Specialist responsible for ensuring guest safety and preventing theft in retail. Engaging with customers to provide a friendly shopping experience while managing security measures.
Security Engineer implementing cloud - native security measures for fintech firm, collaborating closely with the CISO to enhance client trust through robust security infrastructure.
Cyber Security Compliance & Risk Analyst providing guidance and compliance support for security policies. Identifying risks, ensuring remediation, and collaborating across departments to enhance security effectiveness.
Senior Cybersecurity GRC Associate managing information security governance, risk assessments, and compliance at Corient. Join a team dedicated to supporting high - net - worth individuals in wealth preservation.
Cybersecurity Specialist at Telefónica Tech supporting user access within minimal privilege principles. Ensuring compliance and coordination with internal security processes.
CISO responsible for cybersecurity strategy, operations, and regulatory compliance in leading blockchain ecosystem. Managing risk and fostering security culture within the organization.
Security Engineering Lead at Outset overseeing security policies, compliance, and hands - on security engineering. Collaborating with teams to ensure secure product infrastructure and practices.