Назад
Company hidden
1 день назад

Security Analyst

Формат работы
remote (только Brazil)
Тип работы
fulltime
Грейд
senior
Английский
b2
Страна
Brazil
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Security Analyst (AppSec/TVM): Building and maintaining security solutions for application, API, cloud-native, and AI/LLM-powered capabilities with an accent on vulnerability management, DAST/SAST/SCA triage, and secure SDLC practices. Focus on analyzing scan results, prioritizing risk, driving precise remediation with development teams, and operationalizing AI security testing strategies.

Location: Remote (Brazil)

Company

hirify.global develops supply chain software solutions and security capabilities for modern applications.

What you will do

  • Scan and manage vulnerabilities across applications and infrastructure, including DAST, SAST, and software composition analysis (SCA).
  • Analyze scan findings, validate results, reduce false positives, and prioritize remediation by risk.
  • Collaborate with development teams to deliver actionable remediation recommendations and verify fixes.
  • Apply OWASP Top 10 and common web application/API attack methods to support threat modeling and design reviews.
  • Use AI-augmented tooling to accelerate vulnerability analysis, triage, and reporting, and improve TVM/AppSec workflows.
  • Lead and support security testing for AI and LLM-powered features, including OWASP Top 10 for LLM Applications and SDLC integration.

Requirements

  • 5+ years of experience in Application Security, Product Security, or Vulnerability Management.
  • Hands-on experience with DAST and SAST tools for web application and API security testing.
  • Deep understanding of OWASP Top 10 and secure SDLC principles.
  • Experience with cloud platforms (AWS, Azure, OCI) and CSPM tools (e.g., WIZ).
  • Experience working directly with software development teams on remediation.
  • Location: must be based in Brazil (remote)

Nice to have

  • Experience testing or securing LLM-powered applications in production.
  • Familiarity with security testing tools such as Burp Suite, ZAP, Snyk, Semgrep, Checkmarx, or Veracode.
  • Strong scripting/automation skills (Python, Bash, etc.).
  • Exposure to SOC 2 / ISO 27001 controls related to AppSec.

Culture & Benefits

  • Hands-on role within a Threat and Vulnerability Management (TVM) team.
  • AI-augmented security tooling to improve testing efficiency and triage.
  • Collaboration with development and product teams to mature AppSec and AI security practices.
  • Equal-opportunity employer with a focus on inclusion.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →