AB InBev logo
AB InBev

To a Future With More Cheers

Cybersecurity Engineer (Penetration Tester/Offensive Security/Red Team)

Security EngineerSecurity EngineerFull TimeRemoteMid LevelTeam 10,001+H1B No SponsorCompany SiteLinkedIn

Location

Brazil

Posted

49 days ago

Salary

0

Seniority

Mid Level

Job Description

Cybersecurity Engineer (Penetration Tester/Offensive Security/Red Team)

AB InBev

Role Description A maior cervejaria do mundo está com vaga aberta para Engenheiro de Cibersegurança Pleno (Red Team). Estamos em busca de um(a) profissional de Segurança Ofensiva com foco em testes de penetração, capaz de identificar vulnerabilidades reais e traduzi-las em riscos claros para o negócio. Esse profissional será responsável por executar testes em aplicações, APIs, infraestrutura e ambientes em nuvem, utilizando frameworks como MITRE ATT&CK e boas práticas de mercado, contribuindo diretamente para a evolução da maturidade de segurança da organização. Essa oportunidade está disponível para trabalho remoto. Principais responsabilidades - Executar testes de penetração em: - Aplicações web e APIs (OWASP Top 10) - Infraestrutura (rede interna e externa) - Ambientes em nuvem (Azure, GCP, AWS) - Containers - Autenticação e autorização - Utilizar MITRE ATT&CK para: - Mapear técnicas exploradas - Estruturar ataques - Apoiar evolução de detecções - Identificar, explorar e documentar vulnerabilidades com evidências técnicas - Elaborar relatórios técnicos com: - Descrição da falha - Evidência de exploração - Impacto para o negócio - Recomendações práticas de mitigação - Apoiar times técnicos na validação e correção das vulnerabilidades - Participar de testes recorrentes e retestes - Apresentar relatórios técnicos dos pentests realizados: - Para Stakeholders - Para Desenvolvedores - Em alguns casos saber apresentar tecnicamente um relatório em inglês para times internos de outros países (unidades de negócio fora do Brasil) - Apoiar iniciativas pontuais de: - Purple Team - Simulação de ataques com ATTACK IQ - Melhoria contínua de segurança Qualifications - Perfil analítico e investigativo - Capacidade de detectar vulnerabilidades técnicas com impacto para o negócio - Boa comunicação com times de desenvolvimento e infraestrutura e demais gestores e pares - Organização para documentar evidências - Postura ética e respeito às regras de engajamento - Colaborativo: facilidade em trabalhar com outros times - 3+ anos em segurança ofensiva, sendo pelo menos 1+ ano em Red Team/adversary emulation e testes de penetração formais - Forte experiência em pentest de aplicações web/APIs (OWASP Top 10), falhas de autenticação/autorização, testes de mobile, redes e infraestrutura - Capaz de se comunicar em inglês (escrita e verbal), com capacidade de interagir com stakeholders globais e produzir/validar relatórios em inglês Requirements - Experiência em ambientes modernos: Active Directory, Linux, nuvem (AWS/Azure/GCP), containers - Excelentes habilidades de comunicação escrita e verbal; capacidade de criar relatórios técnicos e apresentações executivas - Capacidade de liderar projetos de forma autônoma, orientar outros membros da equipe e gerir entregas múltiplas - Certificações na área - Experiência com automação de scripts (Python, Bash, etc) Benefits - 25 dias de home office - Vale refeição ou alimentação ifood - Vale transporte - Bônus - Plano de saúde e Telemedicina - Convênio odontológico - Convênio Farmácia - Seguro de vida - Instituto Ambev de Previdência Privada - Auxílio Material Escolar - Cesta de Natal e Kit Congelado - Brinquedos de Natal - Empresa cidadã (licença maternidade e paternidade) e presente do bebê - Desconto mensal em produtos AMBEV - Wellhub (Gympass) - Fretado - Abono anual referente a um salário

Related Categories

Related Job Pages

More Security Engineer Jobs

Essnova Solutions, Inc. logo

Security, RMF Lead

Essnova Solutions, Inc.

Federal contracting company specializing in technical, geospatial, healthcare, and administrative solutions.

Full TimeRemoteTeam 11-50Since 2005H1B No Sponsor

• Maintain System Security Plans (SSPs) as living documents for all NCHS systems, ensuring timely updates after security-impacting changes. • Manage Plan of Action & Milestones (POA&Ms) with quarterly progress reviews, closure evidence, and remediation tracking. • Remediate vulnerabilities within mandated timelines, track findings through closure, and provide retesting evidence. • Prepare Authorization to Operate (ATO) packages—including SSPs, POA&M status, assessment results, and risk analysis—for Authorizing Official review. • Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools. • Submit monthly authenticated vulnerability and application scan results by the fifth business day. • Coordinate among developers, system owners, and security staff, and liaise with CDC CSPO, NCHS SSPO, and CDC Enterprise Architects. • Follow CDC CSPO Change Management SOP, including security impact analysis for post-ATO changes. • Support implementation of the Risk Management Framework (RMF), FISMA compliance, and OMB directives. • Produce security-related EPLC artifacts for governance and stage-gate reviews. • Lead SSP development during the 30-day transition-in activation sequence and support SSP submission within 30 days of contract award. • Support PTA/PIA activities with CDC privacy officials.

United States

Head of IT Security

NOVENTI Health SE / Berg-am-Laim

NOVENTI ist der führende Anbieter von Abrechnung, Software, Finanzdienstleistungen und digitalen Plattformen im europäischen Gesundheitsmarkt. Gegründet vor 125 Jahren umfasst das Unternehmen mit Hauptsitz in München heute über 1.600 Mitarbeitende.

Role Description Sie möchten IT-Security nicht nur verwalten, sondern aktiv weiterentwickeln und strategisch mitgestalten? In dieser Rolle übernehmen Sie Verantwortung für den Ausbau der IT-Sicherheit, führen ein spezialisiertes Team und arbeiten eng mit internen Stakeholdern sowie externen Partnern zusammen. - Die fachliche und disziplinarische Führung eines IT-Security-Teams mit aktuell fünf Mitarbeitenden liegt in Ihrem Verantwortungsbereich. - Gemeinsam mit dem Head of IT-Services und in Abstimmung mit dem CISO entwickeln Sie die unternehmensweite IT-Security-Strategie weiter und sorgen für deren nachhaltige Umsetzung. - Definition, Pflege und kontinuierliche Optimierung von Sicherheitsrichtlinien, Standards und Prozessen. - Verantwortung für das IT-Security-Budget inklusive Investitionsplanung für Tools, Lizenzen und externe Dienstleister. - Interne Fachbereiche beraten in allen Fragestellungen rund um Informations- und Cybersicherheit und fördern eine unternehmensweite Sicherheitskultur. - Identifikation und Bewertung neuer Bedrohungslagen sowie Ableitung geeigneter Gegenmaßnahmen. - Verantwortung für die Sicherheitsarchitektur in den Bereichen Netzwerk, Endpoint, Cloud sowie Identity & Access Management. - Steuerung des externen Security Operations Centers (SOC) sowie externer Dienstleister, Vendoren und Beratungspartner im Security-Umfeld. - Unterstützung des Incident-Response-Prozesses inklusive Krisenkommunikation bei sicherheitsrelevanten Vorfällen. - Verantwortung für Vulnerability Management, Penetrationstests sowie Red- und Blue-Team-Aktivitäten. - Begleitung interner und externer Audits sowie Zertifizierungen und strukturierte Vor- und Nachbereitung. - Enge Zusammenarbeit mit IT-Infrastruktur, IT-Governance, IT-Entwicklung sowie weiteren Fachbereichen. Qualifications - Mehrjährige Berufserfahrung im IT-Security-Umfeld – idealerweise mindestens drei bis fünf Jahre. - Abgeschlossenes Studium im Bereich Informatik, IT-Security oder einer vergleichbaren Fachrichtung oder entsprechende praktische Erfahrung. - Erste Führungserfahrung, beispielsweise in der Leitung eines kleineren Teams. - Weiterbildungen oder Zertifizierungen im Security-Umfeld sind wünschenswert. - Erfahrung in regulierten Branchen wie Factoring oder Financial Services. - Vertrautheit mit regulatorischen Anforderungen und Standards wie DORA, NIS2 oder CRA. - Erfahrung in der Zusammenarbeit mit externen Partnern, Dienstleistern und Vendoren. - Strategisches Denken und Motivation, IT-Security-Strukturen aktiv weiterzuentwickeln. - Kommunikationsstärke, Durchsetzungsvermögen sowie souveränes Auftreten auf unterschiedlichen Ebenen. - Strukturierte Arbeitsweise, Verantwortungsbewusstsein und ausgeprägte Teamfähigkeit. - Reisebereitschaft innerhalb Deutschlands. Benefits - Altersversorgung. - Speziell auf unsere Branche zugeschnittene Konzepte und attraktive Zuschüsse. - Belonio Gutscheine. - Monatliches Guthaben von bis zu 50€ für namhafte Gutscheinpartner. - Individuell planbarer Brauchtumstag als zusätzlichen freien Tag. - NOVENTI bezuschusst das Deutschlandticket mit 25€. - Vergünstigte Mitgliedschaft für Bewegung, Ausgleich und Gesundheit (EGYM WELLPASS). - Fahrradleasing eines hochwertigen (E-)Bikes mit Steuervorteil. - Profitiere von attraktiven Mitarbeiter-Rabattprogrammen. - Frei an Heiligabend und Silvester (HASI-Tag). - 15 Tage pro Jahr mobiles Arbeiten im europäischen Ausland (Workcation). Company Description NOVENTI ist der führende Anbieter von Abrechnung, Software, Finanzdienstleistungen und digitalen Plattformen im europäischen Gesundheitsmarkt. Gegründet vor 125 Jahren umfasst das Unternehmen mit Hauptsitz in München heute über 1.600 Mitarbeitende.

Germany
UiPath logo

Security Engineer I

UiPath

Committed to shaping a world where AI enhances human potential & #agentic automation transforms how businesses operate.

Full TimeRemoteTeam 1,001-5,000Since 2005H1B Sponsor

• Triage and investigate incidents across SIEM, EDR, network, identity, and cloud telemetry; support containment, eradication, and incident communications under senior guidance. • Contribute to root cause analysis and close the loop with Threat Intelligence and Detection Engineering to produce durable detections, controls, or playbook updates. • Participate in proactive threat hunting across enterprise and cloud telemetry under the direction of senior analysts. • Help maintain IR playbooks and runbooks and participate in drills and tabletop exercises. • Recommend and help tune the detection and response tooling stack (SIEM, EDR, SOAR, case management) in both environments • Actively seek mentorship from senior IR engineers and grow toward independent ownership of incidents over time. • Follow strict procedures and requirements for but not limited to the authorized IR Plan, NIST 800-53 IR controls, CISA notifications, chain of custody, data classification handling, and event classification and reporting requirements.

Washington
$115K - $150K / year
Job Closed
decircle logo

Head of Security & Risk

decircle

Talent Partner for decentralized organizations and projects that are building Web3.

Full TimeRemoteTeam 1-10Since 2019H1B No Sponsor

• Build M0’s enterprise risk program from scratch covering security, operational, regulatory, and counterparty risk, including the risk register, annual assessments, scenario analyses, and escalation framework across all entities. • Own M0's compliance posture across SOC 2, ISO 27001, and other applicable frameworks — driving all non-technical workstreams (policy writing, auditor coordination, vendor risk, access reviews, third-party SaaS vendor evaluations) and keeping the organization audit-ready at all times. • Design and maintain M0's incident response framework, ISMS documentation, and security policies — own external security vendor relationships, facilitate tabletop exercises covering IR, BCP, and DR scenarios, and drive the selection of a security advisory firm for on-call support. • Serve as M0's primary point of contact for institutional partner security due diligence and inbound security questionnaires, build and maintain the reusable documentation package for responding to partner requests, and coordinate with Senior Counsel on information security representations in commercial agreements. • Design and own M0's security awareness training program, ensure all employees understand their security obligations, and build a proactive security culture across engineering, operations, legal, and business teams.

New York