Cybersecurity Specialist at Caixa Vida e Previdência ensuring safety in various technology solutions. Collaborating with teams to implement security measures and respond to incidents.
Responsibilities
Assist in configuring and implementing security best practices in SAST/DAST tools and Microsoft Azure Cloud (domain, MS365 and infrastructure);
Participate in the implementation of Event Monitoring (SOC and MSS);
Actively participate in incident handling with CSIRT teams by investigating and reproducing threats;
Work closely with IT teams and other departments to ensure cybersecurity across the organization;
Assist teams in remediating/mitigating vulnerabilities and establishing security controls;
Propose new security solutions based on emerging trends and market technologies;
Conduct PoCs (proofs of concept) for new technologies and tools to improve department processes;
Prepare KPIs and technical and management reports;
Lead initiatives for code reviews, architecture reviews and application design (Mobile, Web, APIs and microservices);
Drive and maintain the Secure by Design program, secure SDLC and DevSecOps practices;
Gather requirements for deploying DAST, SAST, IAST, SCA solutions and security tools within CI/CD pipelines;
Perform Threat Modeling, Code Reviews and internal penetration tests focused on critical applications;
Conduct workshops and technical training for developers and architects, focusing on vulnerability remediation and secure coding best practices;
Support the definition of security requirements for new projects and integrations with third-party applications;
Monitor vulnerabilities in third-party libraries and support secure dependency management;
Participate in architecture committees and technical reviews to ensure security from the start of the software development lifecycle.
Requirements
Knowledge of Windows Server and Linux server infrastructure;
Experience with application security and penetration testing for on-premises and Azure cloud environments;
Knowledge of Single Sign-On authentication solutions and federation standards such as ADFS and Azure AD;
Familiarity with security methodologies and frameworks such as ISO 27001/27002, NIST CSF, CIS Top 20, ISF Healthcheck, SUSEP 638, among others;
Experience with agile methodologies;
Strong ability to read, interpret and translate texts in English;
Excellent written and verbal communication skills;
Skills in automating CI/CD pipelines;
Proficiency with SAST and DAST tools;
Knowledge of secure development practices to analyze and remediate vulnerabilities;
Knowledge of containers and virtualization;
Experience in threat modeling;
Understanding of Infrastructure as Code (IaC) concepts;
Knowledge of agile methodologies, DevSecOps, and certifications such as CSSLP (Certified Secure Software Lifecycle Professional) and CDSP (Certified DevOps Security Professional);
Degree in information technology or related fields (e.g., Computer Engineering, Computer Science, Information Systems, Data Processing, Information Security, Networking, etc.);
Postgraduate degree in technology or information security is desirable;
Information security certifications such as OSCP, OSCE, OSWE, SANS GIAC, CEH, DCPT, CompTIA, CSSLP, CDSP, among others, are desirable.