Full Stack Software Engineer, Application Security
Job Description
We are looking for a Full Stack Software Engineer focused on application security. The responsibilities include:

- Conducting security tests on applications to identify vulnerabilities.
- Implementing fixes for security breaches found during testing.
- Performing code reviews with a focus on secure development practices to identify flaws and vulnerabilities.
- Working with development teams to correct vulnerabilities.
- Automating security in software development by integrating security tools into the development pipeline.
- Collaborating with development teams to create and apply secure development practices and conduct internal training to disseminate these practices.
- Staying updated on new threats and trends in information security.
- Participating in security incident response, analyzing events, and suggesting corrective and preventive measures.
- Reviewing architectural documents such as RFCs, Design Docs, and threat modeling to ensure Security By Design standards (Shift Left Security Culture).
- Developing, maintaining, and evolving secure components for standard use.
Qualifications
1. Experience with web development.
2. Experience with object-oriented programming and integration between services via REST APIs.
3. Knowledge of HTML, CSS, and JavaScript.
4. Experience with a relational database.
5. Knowledge of the deployment pipeline and code versioning with Git.
6. Understanding of good practices, patterns, and principles of Software Engineering.
7. Technical English proficiency.
8. Familiarity with secure code review.
9. Knowledge of OWASP Top 10, CWE, and common web application vulnerabilities.
10. Familiarity with web application exploitation techniques.
11. Advanced knowledge of Grails and its different versions (a plus).
12. Experience with DevSecOps and security automation in software development (a plus).
13. Experience in security certification processes such as PCI and ISO 27001 (a plus).
14. Experience in AppSec maturity assessment (e.g., OWASP SAMM, BSIMM) (a plus).
Benefits
- Medical and dental assistance without co-participation.
- Life insurance.
- Assistance for purchasing medications.
- Assistance for physical activities.
- 4 monthly therapy or nutritionist sessions free of charge.
- Flexible food benefit via a Visa credit card.
- Free food.
- Daycare assistance.
- Parental support program.
- Extended maternity and paternity leave.
- In-company training platform.
- Education assistance subsidizing 70% of undergraduate and language tuition, as well as the purchase of courses and books.
- Home Office assistance.
- Work equipment.
- Furniture assistance.
- Partnership with WOBA for employees to use coworking spaces throughout Brazil.
