Responsibilities
- Integrate security practices (Shift Left) in CI/CD pipelines.
- Automate security tests (SAST, DAST, SCA).
- Implement and manage security tools in cloud and on-premises environments.
- Collaborate with development, architecture, and infrastructure teams.
- Ensure compliance with security policies and standards (LGPD, ISO, etc.).
- Monitor vulnerabilities and carry out remediation plans.
- Support the definition of secure architecture for applications and microservices.
- Manage identity, access, and secrets (IAM, Vault, etc.).
- Create and maintain secure and efficient pipelines.
Requirements
- Solid experience in DevOps / DevSecOps / Application Security.
- Knowledge of CI/CD tools (GitHub Actions, GitLab CI, Jenkins or similar).
- Experience with security tools: SAST (e.g., SonarQube, Checkmarx), DAST (e.g., OWASP ZAP, Burp Suite), SCA (e.g., Snyk, Dependabot).
- Knowledge of cloud services (AWS, Azure, or GCP).
- Experience with containers and orchestration (Docker, Kubernetes).
- Familiarity with Infrastructure as Code (Terraform, CloudFormation).
- Knowledge of security practices (OWASP Top 10, Zero Trust).
- Experience with access and identity management (IAM).
- Good communication skills and ability to work in multidisciplinary teams.
- Intermediate to advanced English proficiency (reading, writing, and speaking).
Benefits
- Hybrid work approach with teams in the office an average of four days a week.
- Commitment to an inclusive work environment.
- Support for reasonable accommodations for candidates with disabilities.
