




Job Summary: The Senior Application Security Analyst strategically and technically ensures the security of systems and applications, collaborating with teams to identify vulnerabilities and foster a security culture throughout the SDLC.

Key Highlights:

1. Strategic and technical application security expertise
2. Collaboration with teams to identify vulnerabilities and propose solutions
3. Promotion of security culture across the entire software lifecycle

The Senior Application Security Analyst is responsible for ensuring that the company's systems and applications are developed and maintained to the highest security standards. Acting both strategically and technically, this professional collaborates with development, architecture, and infrastructure teams to identify vulnerabilities, propose secure solutions, and promote a security culture across the entire software development lifecycle (SDLC).

**Responsibilities and Duties**

* Conduct security assessments of web, mobile, and API applications using automated tools and manual testing;
* Participate in system architecture and design reviews, proposing security-focused improvements;
* Perform threat modeling and risk analysis for new projects and features;
* Maintain vulnerability management processes and tools for source code, focusing on risk mitigation and compliance with standards and frameworks;
* Support development teams in remediating vulnerabilities and adopting secure practices from architecture to implementation;
* Integrate security tools into CI/CD pipelines (DevSecOps);
* Monitor and respond to application security incidents;
* Investigate, contain, and eradicate security incidents, authoring technical reports and facilitating sessions to identify improvement opportunities and lessons learned;
* Track emerging trends, vulnerabilities, and new threats, proposing proactive mitigation actions;
* Act as an advocate for digital security culture, disseminating knowledge about secure behavior across the Company.

**Requirements and Qualifications**

* Bachelor’s degree in Computer Science, Engineering, Information Systems, or related fields;
* Proven experience in AppSec, security testing, code analysis, and architecture review;
* Knowledge of software architecture and development patterns;
* Familiarity with DevSecOps practices and integrating security into CI/CD pipelines;
* Familiarity with security standards and frameworks such as NIST, ISO/IEC 27001, OWASP Top 10, SAST, and DAST;
* Ability to communicate clearly and effectively with both technical and non-technical teams;
* Certifications such as OSWE, GWAPT, CSSLP, or similar are desirable.

**Additional Information**

**And more — check out our benefits package:**

* Health and Dental Plan — Bradesco — extendable to dependents
* PAE - Financial assistance provided for dependent children and/or stepchildren with intellectual disabilities
* Pharmacy Program - Discounts of up to 70%
* Supplementary Pension — FlexPrev Plan - ranging from 1% to 11%, depending on salary
* Life Insurance — coverage for all employees starting on their admission date, at no cost to the employee
* Extended Leave — Maternity (total of 180 days) and Paternity (total of 20 days)
* Meal and/or Food Allowance — Caju Benefits
* Educational Assistance - For dependents up to high school level
* TotalPass
* Service Length Bonus — A salary bonus (based on tenure) paid during vacation time

**And for our team’s development...**

* Learning Platform: Values-based learning path and renowned curation with over 200 courses available anytime
* Internal Recruitment: Open positions published nationwide, encouraging internal mobility

**Who We Are?**

We are Vibra — a young company that launched big, **one of the five largest companies in Brazil**, with a diversified and global investor base.

**With over 50 years of experience** and a skilled, committed team, we serve over **30 million people** who visit our more than **8,000 service stations**, via our distributors across the country from north to south; and **26,000 corporate clients.**

Here, we value **pace** in delivering **results**, and **respect** in relationships. We **listen** empathetically and **deliver** with agility. We act with **ownership**, and **collaborate** to make things happen. We speak with **transparency**, act with **integrity**, and **honor our commitments.**


