Security Analyst
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Security Analyst (AppSec/TVM): Building and maintaining security solutions for application, API, cloud-native, and AI/LLM-powered capabilities with an accent on vulnerability management, DAST/SAST/SCA triage, and secure SDLC practices. Focus on analyzing scan results, prioritizing risk, driving precise remediation with development teams, and operationalizing AI security testing strategies.
Location: Remote (Brazil)
Company
develops supply chain software solutions and security capabilities for modern applications.
What you will do
- Scan and manage vulnerabilities across applications and infrastructure, including DAST, SAST, and software composition analysis (SCA).
- Analyze scan findings, validate results, reduce false positives, and prioritize remediation by risk.
- Collaborate with development teams to deliver actionable remediation recommendations and verify fixes.
- Apply OWASP Top 10 and common web application/API attack methods to support threat modeling and design reviews.
- Use AI-augmented tooling to accelerate vulnerability analysis, triage, and reporting, and improve TVM/AppSec workflows.
- Lead and support security testing for AI and LLM-powered features, including OWASP Top 10 for LLM Applications and SDLC integration.
Requirements
- 5+ years of experience in Application Security, Product Security, or Vulnerability Management.
- Hands-on experience with DAST and SAST tools for web application and API security testing.
- Deep understanding of OWASP Top 10 and secure SDLC principles.
- Experience with cloud platforms (AWS, Azure, OCI) and CSPM tools (e.g., WIZ).
- Experience working directly with software development teams on remediation.
- Location: must be based in Brazil (remote)
Nice to have
- Experience testing or securing LLM-powered applications in production.
- Familiarity with security testing tools such as Burp Suite, ZAP, Snyk, Semgrep, Checkmarx, or Veracode.
- Strong scripting/automation skills (Python, Bash, etc.).
- Exposure to SOC 2 / ISO 27001 controls related to AppSec.
Culture & Benefits
- Hands-on role within a Threat and Vulnerability Management (TVM) team.
- AI-augmented security tooling to improve testing efficiency and triage.
- Collaboration with development and product teams to mature AppSec and AI security practices.
- Equal-opportunity employer with a focus on inclusion.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →