About the role

Senior Security Analyst at Vivo overseeing identity solutions and blockchain implementation. Engaging with tech teams to enhance security standards and practices.

Responsibilities

Develop security controls in applications and APIs (authentication, authorization, validations, route protection, rate limiting, error handling and secure logging).
Design solutions and support the team following security and identity standards and specifications in development (e.g., OWASP ASVS, OWASP API Security, OAuth 2.0, OpenID Connect, JWT, ZKP, Zero Trust).
Contribute by performing basic hardening of applications and workloads (secure configurations, headers, TLS, permissions, secrets), following corporate guides and standards.
Build integrations with vaults/secret managers (e.g., HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager, Azure Key Vault or equivalent), ensuring correct usage and secret rotation.
Handle tasks related to keys and certificates (issuance, rotation, secure storage) and integrations with KMS/HSM/PKI.
Work on remediation of vulnerabilities identified by SAST/DAST/SCA and secret scanning, focusing on practical mitigation and risk-based prioritization.
Contribute in refinement and discovery rituals, helping translate security/identity requirements into technical stories and acceptance criteria.
Collaborate with agile teams and stakeholders, documenting decisions and recommendations concisely.

Hands-on experience in software development (web/APIs/microservices) with attention to security practices.
Knowledge of AppSec (OWASP Top 10, OWASP API Security) and fundamentals of identity and access (OAuth 2.0, OpenID Connect, JWT).
Experience with object-oriented languages, preferably Java and the JVM ecosystem (Java/Kotlin/Node.js).
Experience or familiarity with frameworks such as Spring (Spring Boot/Spring Security) and/or Quarkus.
Familiarity with CI/CD and security tools (SAST/DAST/SCA), and risk-oriented remediation.
Basic knowledge of cloud and containers (Docker/Kubernetes) and hardening fundamentals.
Basic knowledge of SAML 2.0 and SCIM (provisioning), and integration with identity providers.
Experience with Vault/Secret Managers and automation of credential rotation.
Basic knowledge of PKI (certificates, mTLS) and integration with KMS/HSM.
Experience with regulatory requirements (LGPD/PCI) in a development context.

Choose the benefit plan that best fits you and your dependents via a digital platform with multiple categories: Gym, Meal Allowance (VR), Food Voucher (VA), Pharmacy Assistance, Health Insurance, Dental Insurance and Life Insurance;
Company mobile phone — a brand-new smartphone for you.
Unlimited voice and data plan — yes, unlimited. Vivo 5G can be up to 10x faster!
An exclusive Vivo offer with special discounts on landline, broadband, TV and apps.
Entitlement to an annual Bonus or PPR.
Plan your future through a Private Pension plan.
Have children? You will be entitled to a subsidy to help cover school, daycare or babysitter expenses.
Work in an environment that respects your personality, dress style and individuality, where you can be authentic. #BeYourself
Work remotely up to 3 days per week. #Mobility
Flexible working hours.
A day off to celebrate your birthday (Day off).
Participate in one of the largest corporate volunteer programs to help make a positive impact in the world.
Benefit from our Educational Development Program, which offers partnerships with educational institutions at discounted rates, as well as certifications and online courses.