SecOps Engineer, AppSec

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Safeguard the confidentiality, integrity, and availability of applications, services, data, and cloud infrastructure.

• Detect, assess, and address vulnerabilities.

• Offer support, guidance, and training to the DevOps team, application owners, and other stakeholders.

• Organize, coordinate, and implement remediation efforts.

• Aid in the creation of application security test plans.

• Investigate, evaluate, and suggest new and existing tools and techniques.

• Collaborate with threat detection and incident response teams during security incidents.

• Create documentation on vulnerability and risk analysis for security audits.

• Establish and execute application security processes, which include identifying weaknesses, defining security strategies, and performing penetration tests.

• Develop and enforce security-related standards, policies, and procedures.

• Analyze security data to spot and mitigate potential threats.

• Conduct internal security audits.

• Perform internal penetration tests and vulnerability assessments, creating remediation plans for identified issues.

• Generate and manage risk analysis documentation.

• Oversee the development of security metrics and reports.

• Spearhead the design and implementation of information security best practices.

• Maintain a comprehensive security engineering knowledge base.

⛳️ Requirements

• Bachelor's degree in IT or a related field, either completed or in progress.

• Prior experience as an AppSec Engineer or Penetration Tester with responsibilities in cloud security.

• Strong knowledge of GitHub (experience with GitHub Advanced Security is advantageous).

• Proficient in scripting languages such as Python and shell scripting.

• Experience in reviewing and implementing internal processes and controls, as well as managing security projects.

• Understanding of cybersecurity with an emphasis on cloud security, infrastructure, and monitoring.

• Previous experience with Amazon AWS.

• Familiarity with PTES, OSSTM, OWASP, and NIST CSF.

• Knowledge of Java and/or Node.js is a plus.

• Offensive security certifications such as OSCP, eCPPT, or similar qualifications are beneficial.

• Advanced proficiency in English.

🏝️ Benefits

• Bradesco health and dental plans for you and your dependents, with no co-payment costs.

• Life insurance with enhanced coverage.

• Meal voucher and supermarket voucher.

• Home office allowance.

• Wellhub — a platform providing access to fitness spaces and online classes.

• Trustly Club — discounts at educational institutions and partner stores.

• English program — online group classes with a private teacher.

• Extended maternity and paternity leave.

• Birthday day off.

• Flexible hours / remote-first culture — you can work from any city in Brazil.

• Welcome kit — we provide Apple equipment (MacBook Pro, iPhone) and additional perks; equipment may be purchased by employees according to internal criteria.

• Annual premium — eligibility for a discretionary annual bonus based on company KPIs and individual performance.

• Referral program — receive a reward if a candidate you refer is hired.