




**Description**

Are you looking for an opportunity to boost your career in a dynamic and innovative environment? We have an exceptional proposal that could be the next step in your professional development. Here, you will have the chance to work in a collaborative team where your ideas are valued and your pursuit of knowledge is constantly encouraged. Our mission is to strengthen cybersecurity, and we believe every professional plays a crucial role in this challenge. If you are passionate about technology, possess analytical skills, and want to contribute to a more secure digital world, we’d love to meet you! Join a team that believes in mutual growth and building a safer, more connected future. Come and turn your talents into innovative solutions. We look forward to receiving your application!

**Responsibilities and Duties**

- Technical-consultative client support, conducting meetings, presentations, and technical sessions to guide secure development and promote AppSec maturity (OWASP SAMM based).
- Assessment of application security maturity, creating diagnoses, recommendations, and evolution plans aligned with each client's context and needs.
- Hands-on technical support, configuring and operating SAST, SCA, DAST, and threat modeling tools, focused on integration into CI/CD pipelines.
- Analysis and mitigation of vulnerabilities, including code reviews, support to development teams, and monitoring fixes in production environments.
- Threat modeling and secure architecture, participating in the early design phases of systems and APIs to identify and mitigate security risks.
- Automation of security controls, promoting continuous integrations between tools, processes, and teams to ensure operational efficiency.
- Preparation of reports and executive presentations, translating technical risks into business impact and demonstrating the value of security actions to clients’ technical and executive teams.

**Requirements and Qualifications**

- Bachelor’s degree in technology-related fields.
- Proven experience with OWASP SAMM and ability to support implementation of practices across multiple domains (governance, design, implementation, verification, operations).
- In-depth knowledge of OWASP Top 10 and ability to identify, explain, and guide mitigation of these vulnerabilities for development teams.
- Practical experience in threat modeling.
- Hands-on experience with SAST tools (e.g., SonarQube, Semgrep, SpotBugs, Veracode, Checkmarx, Fortify).
- Proficiency with SCA tools (e.g., Dependency-Check, Snyk, WhiteSource).
- Experience with DAST (e.g., OWASP ZAP, Burp Suite, Acunetix, Veracode Dynamic Analysis).
- Ability to read and review code in at least two of the following languages: Python, Java, JavaScript/TypeScript, Go, etc.
- Experience with containerization and container security (Docker, Kubernetes), including hardening principles and runtime controls.
- Experience with CI/CD pipelines (Jenkins, GitLab CI, GitHub Actions, Azure DevOps) and automation of security gates.
- Knowledge of infrastructure as code (Terraform, CloudFormation, Ansible) and its protection (secrets, permissions, cloud posture).
- Knowledge of security practices and services in cloud providers (AWS, Azure, GCP).
- Adherence to Security by Design and DevSecOps principles.


