GRC Analyst enhancing governance, risk, and compliance practices within Sword, focusing on cybersecurity standards and configuration management.
About the role
- Cybersecurity Specialist at Caixa Vida e Previdência ensuring safety in various technology solutions. Collaborating with teams to implement security measures and respond to incidents.
Responsibilities
- Assist in configuring and implementing security best practices in SAST/DAST tools and Microsoft Azure Cloud (domain, MS365 and infrastructure);
- Participate in the implementation of Event Monitoring (SOC and MSS);
- Actively participate in incident handling with CSIRT teams by investigating and reproducing threats;
- Work closely with IT teams and other departments to ensure cybersecurity across the organization;
- Assist teams in remediating/mitigating vulnerabilities and establishing security controls;
- Propose new security solutions based on emerging trends and market technologies;
- Conduct PoCs (proofs of concept) for new technologies and tools to improve department processes;
- Prepare KPIs and technical and management reports;
- Lead initiatives for code reviews, architecture reviews and application design (Mobile, Web, APIs and microservices);
- Drive and maintain the Secure by Design program, secure SDLC and DevSecOps practices;
- Gather requirements for deploying DAST, SAST, IAST, SCA solutions and security tools within CI/CD pipelines;
- Perform Threat Modeling, Code Reviews and internal penetration tests focused on critical applications;
- Conduct workshops and technical training for developers and architects, focusing on vulnerability remediation and secure coding best practices;
- Support the definition of security requirements for new projects and integrations with third-party applications;
- Monitor vulnerabilities in third-party libraries and support secure dependency management;
- Participate in architecture committees and technical reviews to ensure security from the start of the software development lifecycle.
Requirements
- Knowledge of Windows Server and Linux server infrastructure;
- Experience with application security and penetration testing for on-premises and Azure cloud environments;
- Knowledge of Single Sign-On authentication solutions and federation standards such as ADFS and Azure AD;
- Familiarity with security methodologies and frameworks such as ISO 27001/27002, NIST CSF, CIS Top 20, ISF Healthcheck, SUSEP 638, among others;
- Experience with agile methodologies;
- Strong ability to read, interpret and translate texts in English;
- Excellent written and verbal communication skills;
- Skills in automating CI/CD pipelines;
- Proficiency with SAST and DAST tools;
- Knowledge of secure development practices to analyze and remediate vulnerabilities;
- Knowledge of containers and virtualization;
- Experience in threat modeling;
- Understanding of Infrastructure as Code (IaC) concepts;
- Knowledge of agile methodologies, DevSecOps, and certifications such as CSSLP (Certified Secure Software Lifecycle Professional) and CDSP (Certified DevOps Security Professional);
- Degree in information technology or related fields (e.g., Computer Engineering, Computer Science, Information Systems, Data Processing, Information Security, Networking, etc.);
- Postgraduate degree in technology or information security is desirable;
- Desirable information security certifications such as OSCP, OSCE, OSWE, SANS GIAC, CEH, DCPT, CompTIA, CSSLP, CDSP, among others.
Benefits
- Profit sharing
- Flexible working hours
- Meal and food vouchers
- Wellhub
- Transportation voucher
- Health insurance
- Dental insurance
- Pharmacy assistance
- Childcare and nanny assistance
- Life insurance
- Travel insurance
- Pension plan
- Maternity kit
- Maternity leave
- Paternity leave
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Técnico de Segurança do Trabalho at Cia do Treinamento responsible for training clients on safety regulations and conducting safety assessments. Seeking professionals passionate about safety and compliance across Brazil.
Ingénieur en sécurité physique participant à des projets d’envergure au sein de Stantec. Analysant besoins, concevant systèmes de sécurité et préparant documentation technique.
System Security Engineer strengthening cybersecurity posture across on - premise and hybrid environments. Focused on Windows infrastructure security, identity management, and compliance.
Security Testing Lead overseeing application security testing activities at Computer World Services. Ensuring continuous identification and remediation of application security risks through dynamic testing methods.
IS Security Administrator managing all aspects of cyber security and data protection at Avita Health System. Responsible for risk assessments and IT security strategies across various platforms.
Senior Security Engineer strengthening security at fintech startup Flanks, focusing on security initiatives and practices across applications and infrastructure.
Director of Control Assurance leading IT risk management and controls testing at RBC. Propelling technology, risk, and security advancements across the organization.
Physical Security Technology Manager overseeing design and implementation of security technologies across global offices. Collaborates with teams to ensure compliance and optimize security solutions.
OT Security Architect at Orange Cyberdefense providing security solutions for operational technology environments. Leading efforts in OT/ICS security and ensuring stable production for clients.