Lead the definition and evolution of corporate security architecture and AppSec strategy.
Oversee threat modeling, architecture reviews and integrate AppSec into the SDLC (DevSecOps).
Responsibilities
Coordinate the definition and evolution of corporate security architecture, including applications, APIs, cloud, on-premises and hybrid environments;
Define principles, standards, controls and security architecture guidelines aligned with frameworks such as NIST, ISO 27001, Zero Trust and CSA;
Perform and oversee solution architecture reviews, assessing risks, security controls and compliance with defined standards;
Collaborate with enterprise architecture and infrastructure/cloud teams to define secure and resilient architectures;
Support strategic decisions regarding technologies, platforms and new products from a security perspective;
Define and coordinate the application security (AppSec) strategy, integrated into the development lifecycle (SDLC / DevSecOps);
Oversee threat modeling, risk analysis and vulnerability assessment activities for applications and APIs;
Ensure adoption of Secure Coding and DevSecOps practices and tools (SAST, DAST, IAST, SCA, ASPM);
Provide technical support and guidance to development teams on vulnerability remediation and risk mitigation;
Define policies, standards and minimum security requirements for internal and third-party applications.
Requirements
Strong experience in Security Architecture and/or Application Security (AppSec);
Hands-on experience in software development (Java, .NET, Node.js, Python or similar) with a solid understanding of the SDLC;
Advanced knowledge of OWASP Top 10, CWE, NIST, ISO 27001, CIS and security best practices;
Experience in threat modeling, risk analysis and architecture review;
Practical knowledge of SAST, DAST, IAST, SCA and ASPM tools and processes;
Experience with cloud environments and modern architectures (microservices, APIs, containers);
Clear communication skills and the ability to act as a technical leader and strategic advisor.
Differentials
Technical certifications in cybersecurity and architecture;
Previous experience coordinating or providing technical leadership for security teams;
Experience in regulated or large-scale environments.
Benefits
Medical and dental coverage (employee and dependents)
Dr. C&A - Telemedicine and teletherapy services
Annual bonus
Parking or transportation voucher (Work location: Alphaville – Barueri/SP)
Birthday off: one paid day off during your birthday month