Appsec consultant specialist
Negotiable Salary
Indeed
Full-time
Onsite
No experience limit
No degree limit
Fairy Lake - Estr. Dom Pedro Augusto - Alto da Boa Vista, Rio de Janeiro - RJ, 20531, Brazil
Description

Are you looking for an opportunity to boost your career in a dynamic and innovative environment? We have an exceptional proposal that could be the next step in your professional development. Here, you will have the chance to work in a collaborative team where your ideas are valued and you are constantly encouraged to share your knowledge. Our mission is to strengthen cybersecurity, and we believe that every professional plays a crucial role in this challenge. If you are passionate about technology, possess analytical skills, and want to contribute to a safer digital world, we want to meet you! Join a team that believes in mutual growth and building a more secure and connected future. Join us and turn your talents into innovative solutions. We look forward to receiving your application!

Responsibilities and duties

* Technical-consultative client support, conducting meetings, presentations, and technical sessions to guide secure development and promote AppSec maturity (OWASP SAMM based).
* Assessment of application security maturity, creating diagnoses, recommendations, and evolution plans aligned with each client's context and needs.
* Hands-on technical support, configuring and operating SAST, SCA, DAST, and threat modeling tools, focused on integration into CI/CD pipelines.
* Analysis and mitigation of vulnerabilities, including code reviews, support to development teams, and monitoring of fixes in production environments.
* Threat modeling and secure architecture, participating in the early design phases of systems and APIs to identify and mitigate security risks.
* Automation of security controls, promoting continuous integration between tools, processes, and teams, ensuring operational efficiency.
* Preparation of reports and executive presentations, translating technical risks into business impact and demonstrating the value of security actions to clients' technical and executive teams.

Requirements and qualifications

* Degree in a technology-related field.
* Proven experience with OWASP SAMM and ability to support implementation of practices across multiple domains (Governance, Design, Implementation, Verification, Operations).
* In-depth knowledge of the OWASP Top 10 and ability to identify, explain, and guide mitigation of these vulnerabilities for development teams.
* Practical experience in threat modeling.
* Hands-on experience with SAST tools (e.g., SonarQube, Semgrep, SpotBugs, Veracode, Checkmarx, Fortify).
* Proficiency with SCA tools (e.g., Dependency-Check, Snyk, WhiteSource).
* Experience with DAST (e.g., OWASP ZAP, Burp Suite, Acunetix, Veracode Dynamic Analysis).
* Ability to read and discuss code in at least two of the following languages: Python, Java, JavaScript/TypeScript, Go, etc.
* Experience with containerization and container security (Docker, Kubernetes), including hardening principles and runtime controls.
* Experience with CI/CD pipelines (Jenkins, GitLab CI, GitHub Actions, Azure DevOps) and automation of security gates.
* Knowledge of Infrastructure as Code (Terraform, CloudFormation, Ansible) and its protection (secrets, permissions, cloud posture).
* Knowledge of security practices and services in cloud providers (AWS, Azure, GCP).
* Adherence to Security by Design and DevSecOps principles.

Source: Indeed
João Silva
Indeed · HR

Company

Indeed