
Information Security Specialist – AppSec
Posted Jun 4

This is a fully remote position, open to applicants in Brazil.
• Collaborate closely with development teams to foster secure coding practices.
• Assist in the implementation and advancement of Application Security (AppSec) and DevSecOps initiatives.
• Conduct security assessments for web applications, APIs, and integrations.
• Identify vulnerabilities and aid teams in remediation and risk management.
• Engage in security-centric code reviews.
• Utilize security tools such as SAST, DAST, SCA, and vulnerability scanners.
• Contribute to the development of secure pipelines within CI/CD environments.
• Help establish standards, policies, and best practices for application security.
• Take part in initiatives aimed at applying security to Artificial Intelligence (AI), which includes data protection, ensuring safe model usage, and performing risk analysis for AI-integrated applications.
• Support risk assessments regarding the utilization of generative AI and intelligent automation within the corporate context.
• Collaborate with Engineering, Architecture, Cloud, and Information Security teams to bolster solution security.
• Advocate for security and safe-AI awareness among technical and product teams.
• Monitor emerging trends, threats, and best practices in AppSec, DevSecOps, and AI security.
• Strong understanding of Information Security, particularly in Application Security (AppSec).
• Knowledge of secure development practices and best practices based on the OWASP Top 10.
• Experience or familiarity with application security testing tools:
  • SAST: SonarQube, Checkmarx, Semgrep.
  • DAST: OWASP ZAP, Burp Suite.
  • SCA: Snyk, Dependency-Check.
• Understanding of REST APIs, modern web applications, and microservices.
• Familiarity with CI/CD pipelines using tools like GitHub Actions, GitLab CI/CD, or Jenkins.
• Basic understanding of cloud computing and security in Amazon Web Services (AWS) or Google Cloud environments.
• Experience with version control using Git.
• Knowledge of containers and container security with Docker and Kubernetes.
• Familiarity with cloud and container security tools such as Trivy, Wiz, or Prisma Cloud.
• Interest or experience in applying security to Artificial Intelligence (AI), including:
  • Security considerations in the use of generative AI.
  • Safeguarding data used by AI models.
  • Risk assessment in AI-enabled applications.
• Familiarity with frameworks and best practices such as the OWASP LLM Top 10.
• Strong communication skills for effective collaboration with development, engineering, and product teams.
• An analytical and collaborative mindset with a keen interest in new technologies and offensive/defensive security.
• Flash Card (the beloved pink one!) offering flexible benefits: meal, grocery, mobility, health, education, culture, and wellness.
• Comprehensive health insurance.
• Life insurance coverage.
• Extended maternity and paternity leave along with childcare assistance.
• A day off to celebrate your birthday 🎂.
• Hybrid and flexible work model, including home office allowance and in-office experiences.
• Exclusive partner discounts available through the Flash app.
• TotalPass access.
• Pet care benefits provided through Guapeco.