Senior DevSecOps Analyst

Description

Job Summary: AppSec Analyst to enhance the security of NDD's applications, working cross-functionally and strategically to build a secure development culture. Key Highlights: 1. Cross-functional collaboration across squads and engineering teams. 2. Focus on Application Security (AppSec). 3. Promotion of a secure development culture. "Amplify the value of data to drive sustainability for our customers." As a technology platform for management and automation, we specialize in four business verticals. 1️⃣ Tax \- Intelligence and compliance for fiscal document governance. 2️⃣ Logistics \- Technology for transport automation and digital transformation. 3️⃣ Devices \- Monitoring and management of corporate smart devices. 4️⃣ Kubo \- Platform for corporate education and organizational knowledge management \- LMS/LXP Our vision is: "Lead the markets we operate in through essential solutions for our customers' success." All of this is connected to ESG, because we believe environmental, social, and governance responsibility are fundamental pillars for NDD's success. Our products are present in over 30 countries and serve approximately 20,000 customers; to make all this happen, we have 580 employees and specialists! Requirements: We are seeking an AppSec Analyst to work cross-functionally between product squads and engineering teams, helping elevate the security posture of NDD's applications. This person will join the Security squad, focusing on the Application Security (AppSec) pillar, acting both strategically and practically to build a secure development culture—supporting teams from design through production deployment. **Responsibilities** Support development teams in identifying, fixing, and preventing vulnerabilities in code and dependencies. Execute and automate SAST, DAST, and SCA analyses within CI/CD pipelines (Azure DevOps). Support the definition and evolution of secure coding standards, code reviews, and DevSecOps practices. Maintain and enhance tools such as SonarQube, Trivy, OWASP Dependency Check, Gitleaks, and SBOM. Support integration of security into the software development lifecycle (SDLC) and Shift Left Security initiatives. Analyze and prioritize results from automated scanners, correlating findings with business criticality and context. Collaborate with the security team and technical leaders to define AppSec policies, standards, and guidelines. Participate in training sessions, internal campaigns, and technical reviews to raise awareness and promote best practices across product teams. Support the incident response team in investigating vulnerabilities in applications and APIs. **Technical Requirements** Experience in software development (C\#, .NET, Node.js or similar). Knowledge of OWASP Top 10, CWE, and Secure Coding practices. Experience with application security tools (SAST, DAST, SCA, Secret Scanning). Practical experience with Azure DevOps and CI/CD pipelines. Hands-on experience with SonarQube, Trivy, OWASP DependencyCheck, Gitleaks, and SBOM generation. Familiarity with containers, Kubernetes, and image analysis. Knowledge of version control (Git). Ability to translate technical risks into business impact. Benefits **What We Offer** Annual Bonus: Up to 3.3 monthly salaries; for commercial roles, performance-based OTC commission model. Career Development: Feedback-driven culture with 360° performance evaluations; internal recognition program; close management engagement via 1:1 meetings. NDD with You: Financial education program; psychological counseling; legal advice; social support. Health: Unimed health plan and life insurance; flu vaccination support and wellness initiatives. Meals: Meal allowance; complimentary coffee and fruits in the office. Well-being: Relaxation space with leisure area, barbecue grill, and games. SESC Partnership: Access to culture, education, and tourism. Education: Study grants; language learning incentives; support for industry events; certification assistance. Transportation: Commuter allowance; dedicated parking and bicycle storage. Flash Card: Credits for various internal marketing activities, including birthday month. Work Schedule: 40-hour workweek / Flexible hours **Diversity and Inclusion \#ESG** NDD is a naturally diverse company, leveraging all differences to break barriers and foster greater innovation in how we think and act. We seek knowledge and are continually introduced to diverse talents possessing the capabilities our organization requires. Our culture helps create a safe environment offering development and growth opportunities to all individuals committed to evolving and improving alongside the company.