Application Security Manager at Evertec, handling security strategy and implementation in financial tech. Leading efforts in Application Security, DevSecOps, and compliance with financial regulations.
Responsibilities
Develop, implement, and maintain the Corporate Secure Development Program (SDL/SSDLC), ensuring security from design through production.
Define and evolve Application Security standards, including secure code review, guidelines, controls, libraries, and frameworks.
Lead Threat Emulation initiatives, Threat Modeling (STRIDE, DREAD, MITRE ATT&CK) and risk-driven offensive simulations.
Implement security pipelines in CI/CD using tools such as SAST, SCA, DAST and container scanning.
Assess, advise on, and track remediation of vulnerabilities identified in applications, APIs, microservices and integrations.
Conduct architectural reviews, supporting engineering teams in defining secure patterns.
Work with the Zero Trust model, ensuring applications and APIs follow strong authentication and authorization principles.
Create, maintain, and evolve security mechanisms for APIs, microservices and distributed applications.
Build automation and governance workflows in ticketing systems for requests, audits and AppSec demands.
Collaborate with engineering teams to identify, mitigate and prevent risks in code and architecture.
Perform and oversee internal offensive tests (Threat Emulation), such as targeted pentests, API exploitation and attack simulations.
Support development and SRE teams in applying patches, fixes and vulnerability mitigations.
Ensure compliance with financial market regulatory standards, including Central Bank regulations, NIST, ISO 27001, OWASP and audit requirements.
Manage continuous improvement initiatives, raise AppSec maturity levels and act as an internal technical reference.
Requirements
Proven experience in Application Security (AppSec), leading strategic and technical initiatives.
Hands-on experience with SDL/SSDLC and integrating security throughout the software development lifecycle.
Solid knowledge of offensive security applied to applications, including vulnerability analysis, secure code review, APIs and Threat Modeling.
Experience with DevSecOps practices and tools such as SAST, SCA, DAST and container scanning, with a focus on automation.
Good understanding of security standards and frameworks (OWASP, NIST, ISO 27001, Zero Trust).
Ability to perform architectural analysis and guide secure technical decisions for applications and APIs.
Experience managing multidisciplinary teams.
University degree.
Advanced English.
Benefits
Meal or food allowance;
Flexible Benefit (Flash);
Health insurance;
Partners for psychological, legal, financial and nutritional support (CLUDE, C4LIFE and ASQ);
Psicologia Viva;
Dental insurance;
Childcare assistance;
Support for children with special needs;
Fertility treatment assistance;
Extended maternity and paternity leave;
Transportation voucher or Home Office allowance (for telework contracts);
Gympass (Wellhub) and TotalPass;
Flexible working hours;
Life insurance;
Partnership club;
Partnership with Sesc;
Just dress — no dress code;
Birthday day off;
Beca (education incentive program);
Profit-sharing (PPR) or Bonus — based on achievement of goals and results.
DevSecOps Engineer architecting CI/CD framework services for Truist, enhancing the flow of business value through DevSecOps practices. Building and maintaining automation for software delivery and operations.
Databricks Senior DevOps Engineer designing and operating platforms on AWS and Databricks for Financial Crime. Focused on platform infrastructure, governance, security, and operations.
Site Reliability Engineer at Assecor, focusing on SLIs, SLOs, and incident management. Enhancing performance and reliability through observability and automation in a hybrid work environment.
DevOps Architect at Ascensus, responsible for technical direction and oversight for application engineering practices across scrum teams. Promotes DevOps culture and innovative solutions.
Cloud Site Reliability Engineer ensuring scalability, performance, and reliability of cloud infrastructure deployed in Woven City. Working with product owners and teams for innovative solutions.
Senior DevOps Engineer supporting enterprise-grade Kubernetes infrastructure and CI/CD automation for U.S. Army projects. Engaging in critical system designs and automation processes with a focus on cloud-based platforms.
Reliability Engineer focusing on mechanical systems in a long-standing Australian FMCG company. Ensuring ongoing reliability improvements and supporting plant operations for iconic cereal production.
Software Engineer 2 developing full-stack solutions for U.S. Bank. Collaborating with teams to design and maintain best-in-class software experiences.
Principal Software Engineer at FIS driving reliability and performance in fintech environments. Collaborating across teams for high-scale, high-reliability solutions in the finance sector.
Senior Software Development Engineer involved in automation testing at CVS Health. Designing, developing, and implementing automated testing solutions in a collaborative environment.