Job Closed

This listing is no longer active.

Senior Cybersecurity Engineer (AppSec)

Location

Brazil

Posted

80 days ago

Salary

0

Seniority

Senior

Job Description

Senior Cybersecurity Engineer (AppSec)

Olist

Role Description Seu papel como Engenheiro(a) de Cibersegurança na Olist será essencial para atuar na vanguarda da proteção de nossas aplicações. Você será a referência técnica para garantir o Security-by-Design, trabalhando lado a lado com nossos desenvolvedores para construir produtos resilientes e seguros desde a primeira linha de código. Se você possui a expertise técnica para revisar código, simular ataques e modelar ameaças, essa posição foi feita para você. Esta vaga é remota, em regime CLT, com uma logística de trabalho perfeita para quem mora em qualquer lugar do Brasil. - Ciclo de Vida Seguro (SDLC): Trabalhar próximo aos times de desenvolvimento para garantir que as melhores práticas de segurança estejam integradas em todo o SDLC, incluindo o desenvolvimento de diretrizes de codificação segura e revisões de design e arquitetura. Desenvolver regras personalizadas no Semgrep para identificar padrões de vulnerabilidades específicos do nosso contexto de negócio, garantindo escala na revisão de código. - Simulações Ofensivas Avançadas: Realizar testes de intrusão (Pentest) e avaliações de vulnerabilidade, simulando TTPs (Táticas, Técnicas e Procedimentos) de adversários reais e APTs. O foco será identificar falhas em APIs e vetores de movimentação lateral dentro do ambiente de containers e nuvem. - Gestão de Vulnerabilidades: Rastrear, analisar e gerir vulnerabilidades em aplicações, fornecendo suporte prático e orientação para os times de tecnologia na remediação. - Análise de Fraude e Abuso: Analisar o comportamento das aplicações e padrões de transação para detectar cenários de fraude ou abuso, identificando falhas que permitam Account Takeover (ATO), fraudes de pagamento ou manipulação de dados. - Educação em Segurança: Ministrar treinamentos de Secure Coding para o time de engenharia. Qualifications - Experiência prática com revisão de código (Code Review) em linguagens como PHP, Python ou Go (ou similares). - Conhecimento sólido em segurança de containers e orquestradores (Docker, Kubernetes). - Familiaridade com ferramentas de CI/CD, conceitos de GitOps e Platform Engineering. - Experiência com scripting e automação de processos de segurança. - Experiência com ferramentas de AppSec (SAST, DAST, SCA), ferramentas ofensivas (Burp Suite, etc.), domínio do OWASP Top 10 (Web e LLM), MITRE, e outros frameworks. - Capacidade de criar prompts complexos para análise de vulnerabilidades, revisão de código e geração de payloads de teste. - Familiaridade com Antigravity, Kiro, Claude ou extensões de segurança baseadas em IA que aceleram a escrita de scripts de automação e testes. - Conhecimento em ataques como Prompt Injection, Insecure Output Handling, Training Data Poisoning e proteção de workloads e automações desenvolvidas por IA, através de Skills/SSDs, agentes mediadores, LLM Guardrails, AI Firewall, etc. Requirements - Conhecimento em segurança de infraestrutura na nuvem. - Certificações voltadas para AppSec ou Pentest (ex: OSWE, CASE, GWAPT, AWS Security). Benefits - Cartão Caju: liberdade para usar seu saldo em categorias como alimentação, mobilidade, home office, cultura, saúde e educação. - Plano de Saúde e Plano Odontológico: diferentes opções para que você escolha o cuidado que melhor combina com sua realidade. - Wellhub e TotalPass: acesso a academias, estúdios e plataformas de bem-estar para cuidar do corpo e da mente do seu jeito. - Auxílio-creche: apoio no cuidado com a família desde os primeiros passos. - Plano de Saúde Pet: aqui o cuidado se estende até aos nossos pets. - Parceria com o SESC: benefícios exclusivos em lazer, cultura e qualidade de vida. - Terapia online: apoio emocional com acesso facilitado, no seu tempo e espaço. - E muito mais!

Related Categories

Related Job Pages

More Security Engineer Jobs

Full TimeRemoteTeam 51-200H1B No Sponsor

Role Description The Physical Security Solutions Account Executive is responsible for driving new customer acquisition across the State of Indiana. This role will focus on expanding our footprint by building strong relationships, uncovering new opportunities, and delivering modern physical security solutions to organizations across the state. It’s an ideal fit for someone who thrives in territory development, enjoys opening new doors, and excels at consultative selling in markets where trust and execution are key. Responsibilities - Lead new customer acquisition efforts across Indiana, with a focus on the commercial real estate and multifamily verticals. - Build and execute a territory growth plan centered on proactive outreach, discovery, and long-term account development. - Own the prospect and customer-facing milestones of the sales lifecycle, from prospecting and discovery to solution positioning, proposal delivery, negotiation, and close. - Conduct persuasive product and solution demos, aligning customer needs with cloud, on-prem, or hybrid physical security offerings. - Partner closely with Sales Engineering and Technical Account Management to ensure accurate solution design and smooth project transitions. - Represent K Group Companies at industry events, networking functions, and regional engagements. - Maintain accurate CRM data, pipeline forecasts, and activity reporting. - Act as a trusted advisor to prospects, helping them modernize legacy systems and plan long-term technology refresh cycles. What Makes This Role Unique - Indiana is a strategic growth market, you’ll be building on an existing foundation while expanding into new customer relationships. - Significant modernization demand, organizations across the state are upgrading video and access infrastructure, creating consistent opportunity. - High-visibility, high-impact work, your performance directly influences how we scale and invest in the region. - Credible solutions, proven delivery, K Group Companies offers best-in-class cloud-managed, hybrid, and on-prem solutions without forcing a single approach. Qualifications - Experience in B2B sales, ideally in physical security, low voltage integration, IT services or related technical industries. - Strong consultative selling skills with the ability to run discovery, establish value, and tailor solutions to customer needs. - High comfort level with prospecting and developing new relationships; territory growth requires initiative and discipline. - Excellent presentation, communication, and relationship-building skills. - High integrity, strong follow-through, and a commitment to solving real problems for customers. - Willingness to travel regionally throughout Ohio for meetings, walkthroughs, and relationship development. Benefits - Competitive base salary based on experience. - Bonus and commission programs. - Paid Time Off (PTO). - Volunteer Paid Time Off (VTO). - 100% employer paid family health insurance premium. - 100% employer paid disability insurance. - 100% employer paid dental & vision insurance. - 401k with Safe Harbor contributions from company annually. - Profit sharing opportunities.

United States
Job Closed
Castillians logo

Cybersecurity Architect

Castillians

The world's trusted engineering network

ContractRemoteTeam 51-200Since 2006H1B No Sponsor

• Own the end-to-end security architecture for our AWS/Azure cloud environments, including networking, IAM, data encryption, and logging. • Embed security controls into CI/CD pipelines, including automated SAST/DAST scanning, software composition analysis (SCA), and container image scanning in Kubernetes. • Design and implement a Zero Trust architecture, including micro-segmentation, least-privilege access, and continuous device posture validation. • Conduct threat modeling for new product features and microservices using the STRIDE or OWASP threat modeling frameworks. • Build and maintain security-as-code using Terraform, CloudFormation, or Pulumi, ensuring all cloud resources are deployed with hardened baselines. • Select, deploy, and manage security tooling such as CSPM, CWPP, SIEM, and SOAR platforms, integrating them with existing DevOps workflows. • Lead the response to security incidents by performing forensic analysis on cloud workloads and recommending architectural fixes to prevent recurrence. • Partner with legal and compliance teams to map technical controls to requirements for SOC 2, HIPAA, PCI-DSS, and GDPR. • Design secrets management solutions using HashiCorp Vault or cloud-native key management services (KMS). • Create and maintain architecture diagrams, runbooks, and threat models for all critical systems. • Mentor software engineers on secure coding practices and conduct regular architecture review sessions. • Participate in an on-call rotation for security emergencies and critical patch deployments.

Ireland
Sunshine Enterprise USA logo

Network Security Engineer

Sunshine Enterprise USA

Our commitment to creating American jobs

ContractRemoteTeam 51-200Since 2001H1B No Sponsor

• Analyze and document current and future business processes and workflows • Facilitate meetings with business and technical teams to gather requirements • Prepare BRDs, functional documents, use cases, and user stories • Identify system integration points and document data flows between applications • Support PMO activities including task tracking, documentation, and coordination • Collaborate with stakeholders to ensure clear understanding of project goals • Assist in User Acceptance Testing (UAT), test plans, and test cases • Identify process improvements, automation opportunities, and efficiency gaps • Maintain project documentation and ensure alignment with business needs • Support implementation and ensure solutions meet requirements

South Carolina
Job Closed
Full TimeRemoteTeam 51-200Since 2013H1B No Sponsor

• Operate at the intersection of Foresite’s cybersecurity expertise and Google’s security technology. • Partner closely with Google Cloud field sellers, Google Security specialists, and Foresite’s solution architects and delivery teams to identify opportunities, shape solutions, and close business. • Measured on new logo acquisition, annual recurring revenue (ARR), and the expansion of existing customer relationships. • Execute a strategic territory plan to achieve and exceed quarterly and annual bookings quotas for Foresite’s Google Security-aligned services. • Build and maintain a qualified pipeline through direct prospecting, account-based outreach, and co-selling with Google Cloud field teams and channel partners. • Lead negotiations and drive deals to completion, ensuring accurate forecasting and disciplined use of CRM (HubSpot/Salesforce) and deal-desk processes. • Collaborate with Google Cloud account teams on joint account planning, opportunity registration, and leveraging partner funding programs (MDF, POC funding) to accelerate cycles. • Partner with Foresite solution architects and Google specialists to design compelling, outcome-focused proposals and Statements of Work (SOWs). • Represent Foresite at industry events, Google Cloud partner forums, and customer briefings as a credible voice for our Google Security practice. • Develop deep relationships with CISOs, CIOs, and security leaders to understand their business drivers, compliance requirements, and SOC maturity. • Provide structured insights into Foresite’s product and marketing leadership regarding customer needs and competitive dynamics to enhance our service portfolio.

United States
Job Closed