About the role

Senior Consultant in Security Architecture focusing on Identity Blockchain solutions for Vivo. Driving the design and implementation of secure identity journeys with decentralized technologies.

Responsibilities

Define and implement secure architectures for applications, APIs and platforms (end-to-end), working autonomously with a delivery focus.
Lead the adoption and evolution of security and identity standards and specifications: OWASP ASVS/API Security, OAuth 2.0, OpenID Connect, JWT, SAML, SCIM.
Conduct threat modeling, architecture reviews and code reviews, providing actionable recommendations and tracking remediation.
Design and evolve IAM controls applied to development: SSO, MFA, sessions, tokens, RBAC/ABAC, CIBA, least privilege and segregation of duties.
Apply Zero Trust techniques and patterns.
Implement and maintain secrets and key management: Vault/Secret Managers, rotation, policies, auditing and access controls.
Perform workload and infrastructure hardening: Kubernetes, base images, policies, network policies, TLS/mTLS and secure configurations.
Design and support integrations with HSM/KMS/PKI for key protection (signing, encryption, certificates), including lifecycle management and automations.
Evolve DevSecOps controls: quality gates, SAST/DAST/SCA, IaC scanning, secret scanning, templates and reusable patterns.
Support squads in remediating critical vulnerabilities and reducing recurring risk through structural actions (root cause analysis, patterns and automation).

Solid experience as a senior developer/architect with a focus on applied security (AppSec/IAM/Cloud/Platform).
ZTNA – Zero Trust Network Architecture.
Strong knowledge of authentication and authorization: OAuth 2.0/OpenID Connect, JWT, SSO, MFA; with practical knowledge of SAML and/or SCIM.
Experience in development and integration for identity federation.
Strong experience with object-oriented languages, preferably Java (and the JVM ecosystem); Kotlin and/or C# are desirable.
Hands-on experience with Spring frameworks (Spring Boot/Spring Security) and/or Quarkus, including secure coding patterns.
Practical experience with Vault/Secret Managers (policies, rotation, auditing) and common application usage patterns.
Experience with HSM/KMS/PKI (certificates, mTLS, signing, encryption) and integration with services and pipelines.
Experience with cloud and containers (Kubernetes/Docker) and hardening practices (CIS Benchmarks, policies, permissions, networking).
Experience with CI/CD and security automation (SAST/DAST/SCA/IaC/Secrets).

Choose the benefits that best suit you and your dependents on a digital platform across categories such as Gym, Meal Allowance (VR), Food Allowance (VA), Pharmacy Assistance, Medical, Dental and Life Insurance;
Corporate mobile phone — yes, a brand-new smartphone for you!
Unlimited voice and data plan — yes, unlimited! Vivo 5G is up to 10x faster!
An exclusive Vivo offer with special discounts on landline, broadband, TV and apps;
Eligible to receive an annual Bonus or PPR;
Plan your future through a Private Pension plan;
Have children? You will be entitled to a subsidy to help with school, daycare or nanny expenses;
Work in an environment that respects your personality, dress style and who you are, where you can be authentic. #ComeAsYouAre
Work remotely up to 3 times a week. #Mobility
Flexible working hours;
Enjoy a day off (Day off) to celebrate your birthday;
Participate in one of the largest corporate volunteer programs to help you make an impact;
Benefit from our Educational Development Program offering partnerships with educational institutions at a discount, plus certifications and online courses;