Application Security Analyst – AppSec, DevSecOps

Job Description

Seeking an Application Security Specialist to structure and implement Secure SDLC (S-SDLC) practices. The role involves monitoring the development of new and legacy applications, integrating security into CI/CD pipelines, and conducting security-focused code reviews and threat modeling. Responsibilities include managing application vulnerabilities, maintaining security technologies, and promoting a strong information security culture across technical teams. Collaborative work with developers, architects, and managers is essential.

Qualifications

1. Minimum of 3 years of experience in Application Security. 2. Experience with Secure SDLC (S-SDLC). 3. Practical knowledge of Threat Modeling. 4. Experience with SAST, DAST, SCA, and IAST tools. 5. Experience performing secure code reviews. 6. Knowledge of integrating security into CI/CD pipelines. 7. Experience with Git and automated pipelines. 8. Knowledge of cloud security (AWS, Azure, or GCP). 9. Experience with Docker and Kubernetes. 10. Familiarity with WAF, API Gateway, IDS/IPS, and NGFW. 11. Basic understanding of network architecture, microservices, segmentation, and hardening. 12. Knowledge of frameworks: ISO 27001 / 27002, NIST Cybersecurity Framework, OWASP (Top 10, ASVS, SAMM).

Benefits

- Medical and dental plans. - Life insurance. - Meal and food vouchers (Meal Allowance / Food Allowance). - Transportation voucher. - Discount club. - Access to Wellhub (gyms) and Mente Tranquila. - Discounts on Positivo products. - Partnership with a university. - And much more.