Senior Application Security Analyst

Description

Job Summary: As a Senior Application Security Analyst, you will act both strategically and technically to ensure the security of systems and applications, collaborating with teams to identify vulnerabilities and foster a security culture throughout the Software Development Lifecycle (SDLC). Key Highlights: 1. Strategic and technical involvement in application security. 2. Collaboration with development, architecture, and infrastructure teams. 3. Promotion of a security culture across the entire software development lifecycle. The Senior Application Security Analyst is responsible for ensuring that the company's systems and applications are developed and maintained to the highest security standards. Acting both strategically and technically, this professional collaborates with development, architecture, and infrastructure teams to identify vulnerabilities, propose secure solutions, and promote a security culture across the entire Software Development Lifecycle (SDLC). **Responsibilities and Duties** * Conduct security assessments on web, mobile applications, and APIs using automated tools and manual testing; * Participate in system architecture and design reviews, proposing security-focused improvements; * Perform threat modeling and risk analysis for new projects and features; * Maintain vulnerability management processes and tools for source code, focusing on risk mitigation and compliance with standards and frameworks; * Support development teams in remediating vulnerabilities and adopting secure practices—from architecture to implementation; * Integrate security tools into CI/CD pipelines (DevSecOps); * Monitor and respond to application security incidents; * Investigate, contain, and eradicate security incidents, authoring technical reports and facilitating sessions to identify improvement opportunities and lessons learned; * Track emerging trends, vulnerabilities, and new threats, proposing proactive mitigation actions; * Act as an advocate for digital security culture, disseminating knowledge about secure behavior across the Company. **Requirements and Qualifications** * Bachelor’s degree in Computer Science, Engineering, Information Systems, or related fields; * Proven experience in AppSec, security testing, code analysis, and architecture review; * Knowledge of software architecture and development standards; * Familiarity with DevSecOps practices and integration of security into CI/CD pipelines; * Familiarity with security standards and frameworks such as NIST, ISO/IEC 27001, OWASP Top 10, SAST, and DAST; * Strong communication skills, both with technical and non-technical teams; * Certifications such as OSWE, GWAPT, CSSLP, or similar are desirable. **Additional Information** **And more — check out our benefits package:** * Health and Dental Insurance – Bradesco – extendable to dependents * PAE – Financial assistance for dependent children and/or stepchildren with intellectual disabilities * Pharmacy Benefit – Discounts of up to 70% * Supplementary Pension Plan – FlexPrev Plan – ranging from 1% to 11%, based on salary * Life Insurance – provided to all employees starting on their hire date, at no cost * Extended Leave – Maternity leave (total of 180 days) and Paternity leave (total of 20 days) * Meal and/or Food Allowance – Caju Benefits * Educational Assistance – For dependents up to high school level * TotalPass * Service Recognition Bonus – A salary bonus (based on tenure) paid during vacation time **And for team development...** * Learning Platform: Values-based learning paths and a renowned curriculum with over 200 courses available anytime. * Internal Recruitment: Job openings published nationwide, encouraging internal mobility. **Who We Are?** We are Vibra — a young company born at scale, **one of the five largest companies in Brazil**, with a diversified and global investor base. **With over 50 years of experience**, and a skilled, committed team, we serve over **30 million people** visiting our network of more than **8,000 fuel stations**, operated by our distributors across Brazil from north to south; and **26,000 corporate clients.** Here, we deliver **results** with **pace**, and build relationships with **respect**. We **listen** empathetically and **deliver** with agility. We act with **ownership**, and **collaborate** to make things happen. We speak with **transparency**, act with **integrity**, and **honor our commitments.**