DEVSECOPS SPECIALIST II POSITION | Easy Group Location: Santo Amaro/SP - Hybrid Employment Type: PJ or Cooperated Project Duration: Indefinite JOB DESCRIPTION: We are seeking a Senior DevSecOps Analyst with solid experience in secure development practices, security automation in CI/CD pipelines, and integrating security controls into agile development environments. This professional will serve as a technical reference in implementing solutions that ensure security from the early stages of the software lifecycle. MAIN RESPONSIBILITIES: Automate security testing in CI/CD pipelines, including SAST, DAST, and SCA. Perform vulnerability analysis and prioritization in applications. Conduct assessments on development streams to evaluate security maturity throughout the development lifecycle. Collaborate with product teams to negotiate requirements and implement SSDLC processes. Develop and maintain integration scripts and security automations in CI/CD (GitHub Actions, GitLab CI, Jenkins, Azure DevOps). Validate and distinguish real vulnerabilities from false positives based on the application's technical context. MINIMUM REQUIREMENTS Experience: Practical experience with DevSecOps tools (e.g., OWASP ZAP, GitHub Advanced Security, Snyk, etc.). Experience with agile methodologies and DevOps culture. Experience in writing integration scripts for CI/CD (GitHub Actions, GitLab CI, Jenkins, Azure DevOps). Ability to differentiate real vulnerabilities from false positives based on application context. Preferred - Experience using APIs for integration, data ingestion, and results export. Preferred - Experience in penetration testing (planning and execution). EDUCATION: Bachelor’s degree in Information Technology or Information Security; Cyber Security specialization is desirable. Language: English B2-C1 (desirable) SPECIFIC KNOWLEDGE: Proficiency in application security concepts and OWASP Top 10, CWE. Strong knowledge of SDLC (Secure Development Lifecycle) / SSDLC. Knowledge of integrating security elements from the initial project design phase. Familiarity with market DevSecOps tools. Solid programming language skills (e.g., Python, Java, JavaScript). Knowledge in using APIs for result ingestion/export. Security concepts (Zero Trust, Defense in Depth, Least Privilege). DESIRABLE CERTIFICATIONS: eJPT (eLearnSecurity Junior Penetration Tester) eWPT (eLearnSecurity Web Application Penetration Tester) OSEP (Offensive Security Experienced Penetration Tester) GWAPT (GIAC Web App Penetration Tester). **Do you meet all the requirements and want to join our team? Send your resume to: dayane.crispim@grupoeasy.com.br** **Subject: [Job] – [Your Name]** **#DevSecOps #SecOps #SecurityEngineering #CI_CD #CloudSecurity #AppSec #InfrastructureAsCode #CyberSecurity** Minimum Education: Bachelor's Degree