




Job Summary: Opportunity for an Information Security Developer at Deloitte, focused on implementing Secure Coding practices, security automation, and compliance with frameworks.

Key Highlights:

1. Advance your career at the world’s largest professional services organization
2. Implement Secure Coding practices and security automation
3. Promote a Security by Design and Shift Left culture

### **You at Deloitte:**

You will have the opportunity to advance your career at the world’s largest professional services organization as an **Information Security Developer** within the **Cyber** team.

In your day-to-day work, you will:

* Implement **Secure Coding** practices in web, mobile, and API applications;
* Conduct **code reviews** focused on security and compliance with OWASP standards;
* Execute and interpret results from **SAST (Static Application Security Testing)**, **DAST (Dynamic Application Security Testing)**, **IAST (Interactive Application Security Testing)**, and **RASP (Runtime Application Self-Protection)**;
* Integrate vulnerability analysis tools into the development pipeline;
* Design and maintain **CI/CD pipelines** with automated security controls;
* Implement **security gates** to prevent deployments containing vulnerabilities;
* Ensure adherence to frameworks and standards (OWASP, NIST, ISO 27001, LGPD);
* Document processes and evidence for audits;
* Promote a **Security by Design** and **Shift Left** culture.

At Deloitte, we seek individuals who want to generate positive impact every day. We empower talent to grow within a collaborative environment featuring diverse teams that bring energy, empowerment, interaction, and connection. Our growth is exponential because the talents we recruit embody our values at their core. Leading the way, fostering inclusion, collaborating to measure impact, serving with integrity, and caring for one another are essential and non-negotiable elements to further strengthen our purpose.

*We believe in the power of the talents we develop. They truly transform, impact organizations, drive more talent, and create opportunities. Ready to join the world’s largest professional services organization?*

***Choose Your Impact.***

### **What Do You Need to Apply?**

* Advanced experience in **secure development** and integrating security into CI/CD pipelines;
* Proficiency with **SAST, DAST, IAST, RASP** tools (e.g., SonarQube, Checkmarx, Veracode, Burp Suite, AppScan);
* Knowledge of **DevSecOps**, and automation using **Jenkins, GitLab CI, Azure DevOps, GitHub Actions**;
* Familiarity with **containers and Kubernetes/Docker security**;
* Strong understanding of **OWASP Top 10**, **CWE**, and **Secure SDLC**;
* Ability to write scripts and automations (Python, Bash, PowerShell);
* Experience with ServiceNow implementation and workflow configuration.

**Preferred Qualifications:**

* Certifications: **CSSLP**, **OSWE**, **GIAC GWAPT**, **DevSecOps Professional**;
* Experience with **cloud security** (AWS, Azure, GCP) and security integration in multi-cloud environments;
* Knowledge of **Infrastructure as Code Security** (Terraform, Ansible);
* ServiceNow implementation and integration, including workflow creation, will be a strong differentiator for this role.

**We look forward to welcoming you to this team!**


