Senior Application Security Analyst ensuring code integrity and security at Evertec, leading security strategies and initiatives in software development.
Responsibilities
Secure SDLC Evolution: Develop and maintain the secure software development lifecycle strategy, integrating security from design through deployment.
Pipeline Tool Management: Configure and optimize SAST, DAST, and SCA (dependency analysis) tools within CI/CD pipelines, ensuring a low rate of false positives.
Threat Modeling: Conduct threat modeling with architecture squads to identify structural risks before development begins.
Triage and Remediation: Analyze vulnerabilities found by automated tools and bug bounty programs, guiding developers on best remediation practices.
Security Champions Program: Lead and engage the network of security champions within engineering teams.
AppSec Metrics: Define and track security KPIs (e.g., mean time to remediation, vulnerability density) for executive reporting.
Requirements
AppSec Tool Proficiency: Strong experience with commercial AppSec tools (e.g., Checkmarx, Fortify, SonarQube, Snyk, or similar).
Development Knowledge: Previous software development or code review experience; able to read and recommend improvements in languages such as Java, .NET, or Node.js.
Security Frameworks: Deep knowledge of OWASP Top 10 (Web and Mobile) and ASVS (Application Security Verification Standard).
CI/CD Experience: Experience integrating security gates into tools like GitHub Actions, GitLab CI, or Jenkins.
Degree in Technology or Information Security.
Financial Sector: Experience with regulatory compliance (PCI-DSS and Brazilian Central Bank (Bacen) security standards) is a plus.
Cloud Architecture: Knowledge of security for microservices and container-based architectures (Kubernetes/Docker) is a plus.
Security Policies: Experience writing secure coding standards/guidelines is a plus.
Certifications: AppSec-focused certifications such as CASE (Certified Application Security Engineer), CSSLP, or GWEB are desirable.
Benefits
Meal voucher or food allowance;
Flexible benefits (Flash);
Health insurance;
Partners for psychological, legal, financial, and nutritional support (CLUDE, C4LIFE and ASQ);
Psicologia Viva;
Dental care;
Childcare assistance;
Support for children with special needs;
Fertility treatment assistance;
Extended maternity and paternity leave;
Transportation voucher or home office allowance (for remote contracts);
Gympass (Wellhub) and TotalPass;
Flexible working hours;
Life insurance;
Partnerships club;
Partnership with Sesc;
"Just dress" — no dress code;
Birthday day off;
Beca (education incentive program);
PPR or Bonus — based on achievement of targets and results.
Mid-Level Application Security Analyst ensuring code integrity and security at Evertec, a tech company for the financial sector in Brazil. Responsible for security scanning, remediation support, and CI/CD integration.
Senior Principal Security Engineer at Workday acting as technical contact for Enterprise Security. Bridging cybersecurity strategy with hands-on execution to tackle complex security challenges.
Head of the Infrastructure and Security division, responsible for operating the core technical services. Close exchange with the office management and specialist departments on the IT strategy of the City of Elmshorn.
As a Producer, support the Senior Producer in delivering AAA projects for Behaviour Interactive, a gaming industry leader. Collaborate with the leadership team to ensure high-quality product alignment.
Business Information Security Officer responsible for ensuring cybersecurity compliance in Europe for Boeing. Leading regional security initiatives and managing relationships with stakeholders across the continent.
IT Cybersecurity Specialist handling technical support in information security for MODEC's operations. Ensuring strategic and compliance alignment with global cybersecurity standards.
Product Security Engineer ensuring security in cloud-native product development at Trainline. Collaborating with cross-functional teams to improve security practices and safeguard digital channels.
Information Security Engineer supporting day-to-day information security operations. Working with cross-functional partners to ensure security compliance and risk management.
Lead security operations at Beyond Finance to ensure high security standards and manage vulnerability assessments. Oversee incident response and develop a disciplined security team.
Cloud & AI Security Engineer designing secure cloud infrastructures and AI/LLM services at Assurity Trusted Solutions. Engineers with solid cloud fundamentals are encouraged to apply.