Security Engineering Coordinator leading security teams at Banco Bmg. Focus on secure development practices and collaboration across technical and product squads.
Responsibilities
Lead the Security Engineering team, which covers Security Architecture, Attack Surface Management and Application Security (DevSecOps).
Coordinate and guide the teams responsible for the secure development lifecycle (SDLC), the definition of secure architectural standards and the continuous management of the organization’s attack surface.
Distribute tasks, monitor indicators, review priorities and promote a collaborative environment among technology, product and infrastructure squads.
Define and maintain the security strategy for applications, architecture and external risk management.
Ensure adherence to frameworks and best practices such as CIS Controls, NIST CSF, OWASP, ISO 27001, MITRE ATT&CK and internal policies.
Participate in the development and evolution of security policies, standards and technical requirements.
Lead Secure by Design and Shift Left initiatives, integrating security practices into the CI/CD pipeline.
Structure and supervise programs such as SAST, DAST, SCA, IaC scanning, Threat Modeling, security reviews and advanced testing (including pentests).
Support developers and agile teams with training, guidance and secure coding standards.
Define the corporate security architecture, ensuring that solutions and projects are designed with Zero Trust, Defense in Depth and data protection principles.
Evaluate new technologies, review architectural proposals and support cloud journeys, system modernization and platform integrations.
Identify logical and complex vulnerabilities not detectable by automated tools.
Perform advanced manual analyses of code, APIs, authentication, cryptography and authorization controls.
Serve as a technical reference in discussions with IT, business and compliance areas.
Coordinate identification and continuous monitoring of internet-exposed assets, external vulnerabilities, shadow IT and third-party risks.
Manage ASM tools, external scanners, threat intelligence and remediation processes in collaboration with infrastructure and development teams.
Produce executive reports and risk analyses to support decision-making.
Facilitate communication between technical teams, management, auditors, vendors and technology partners.
Translate technical risks into clear executive language to support prioritization and strategic alignment.
Requirements
Previous experience leading or coordinating security teams.
Strong experience in at least two of the following areas:
Application Security
Security Architecture
Vulnerability Management / ASM
Strong experience with cloud environments (AWS, Azure, GCP and OCI) and modern architectures (microservices, Kubernetes, APIs).
Deep fundamentals in application security, cryptography, OWASP Top 10, secure coding standards and CI/CD integrations.
Proficiency with frameworks and references such as:
NIST CSF / SP 800-53
CIS Controls v8
OWASP SAMM
MITRE ATT&CK / D3FEND
OWASP ASVS
NIST 800-115
Knowledge of common tools:
SAST/DAST
SCA
ASM
Experience with Threat Modeling and architectural review.
Experience with WAF, DLP, EDR, proxy, API management, NDR.
Ability to communicate clearly, adapting language for technical and executive audiences.
Problem-solving orientation, prioritization and risk-based decision making.
Ability to lead multidisciplinary teams, influence stakeholders and navigate complex environments.
Adversarial mindset ("offensive mindset") with ethics and responsibility.
Desired certifications:
CISSP, CCSP, CSSLP, CISM, CEH, Security+
Cloud certifications: AWS Security, Azure AZ-500, GCP Security and OCI
Advanced English
Benefits
Health plan with no monthly fee + Telemedicine;
Dental plan with no monthly fee;
Meal and food vouchers;
Life insurance;
Funeral assistance;
Private pension plan;
Competitive annual variable compensation (bonus);
PPR - Profit Sharing Program;
Único Skill (free education benefit);
Bike rack and changing rooms;
Childcare assistance;
Internet allowance;
Wellness programs;
On-site clinic;
Pregnancy program;
Extended maternity and paternity leave;
Copay waiver for pregnant women and babies up to 1 year;
Personalized baby kit;
Dr. BMG – Telepsychology + Telemedicine + Nutritionist + Nurse and Physical Education professional, extended to dependents;
PAP - Financial, legal and psychological advisory program;
Gympass/Wellhub - Discounts at gyms;
Pharmacy discount program;
Fresh fruit every day;
Birthday day off;
Flexible dress code;
Hybrid work model.
Job title
Information Security Coordinator – Security Engineering