Senior Security Analyst – DevSecOps

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Drive the implementation of DevSecOps methodologies in solutions provided by vendors, guaranteeing the integration of security requirements, the establishment of controls (security gates), and the creation of audit evidence.

• Collaborate with Cybersecurity experts to perform security evaluations of systems and services, which includes Threat Modeling and support for Penetration Testing, from coordination through to follow-up on remediation efforts.

• Carry out and assist in Secure SDLC initiatives, encompassing requirements definition, architecture assessments, and release validation.

• Aid in identity and access management (IDAM) controls, which includes managing Movers, Leavers processes, and access recertification.

• Establish and uphold service account controls, which involves dynamic password management (rotation, least privilege, and traceability).

• Facilitate integrations and cryptographic processes involving HSMs, ensuring compliance with controls and operational key management protocols.

• Implement and support production changes in accordance with established standards (e.g., change governance, testing, and documentation).

• Identify and escalate technical risks that could affect operations or clients, addressing incidents, problems, and changes proactively.

• Keep technical documentation and operational runbooks up to date, ensuring resilience, governance, and compliance.

⛳️ Requirements

• At least 5 years of experience in financial institutions, with an understanding of the Brazilian financial market and Core Banking operations.

• Practical experience with DevSecOps and collaboration with software produced by third-party vendors.

• Demonstrated experience working with security teams in:

• Threat Modeling

• Coordination of Penetration Testing and management of remediation efforts

• Identity and access management controls (IDAM)

• Management of service accounts and password rotation

• Concepts and operations involving HSM

• Secure SDLC methodologies

• Strong knowledge of Windows and Unix/Linux environments.

• Familiarity with tools such as ServiceNow, Splunk, Jira, and identity management services (LDAP/Active Directory).

• Excellent stakeholder management abilities (with internal teams and global vendors) and effective communication skills.

• Proficient in English at an advanced level.

🏝️ Benefits

• Meal allowance or meal voucher.

• Discounts on courses, universities, and language schools.

• Access to Stefanini Academy — a platform offering free, current online courses with certificates.

• Mentoring opportunities.

• Benefits club for consultations and medical examinations.

• Health insurance coverage.

• Dental insurance coverage.

• Benefits and discounts club at leading establishments.

• Travel club membership.

• Pet care benefits.