
Senior Information Security Analyst – DevSecOps, Cloud Security
Banco ABC Brasil
full-time
Location Type: Hybrid
Location: São Paulo • Brazil
About the role
- Define and implement security strategies for applications and platforms, aligned with architectural standards in collaboration with IT Architecture.
- Integrate security into CI/CD pipelines (Azure DevOps and GitHub Actions): SAST, DAST, SCA, secret scanning, container analysis (OCR Scanning/IAST) and risk-based build-blocking policies.
- Manage the vulnerability lifecycle (SAST/DAST/SCA/Container): triage, prioritization (CVSS/CWE), guidance to squads and follow-up until remediation.
- Drive Secure SDLC: threat modeling (STRIDE/DREAD/MITRE ATT&CK), architecture security reviews, security-focused code reviews, guidelines (OWASP Top 10 / API Top 10 / ASVS) and hardening from design through production.
- Operate native controls in Azure and AWS/GCP, implement identity patterns, network segmentation and posture management (CSPM).
- Automation & IaC: embed security controls in Terraform (policy-as-code, IaC scanning), and build automations and integrations (PowerShell, Python, Go).
- Incident Response and Hunting: support analyses, provide feedback to processes and strengthen defensive controls.
- Enablement & Culture: train, raise awareness and influence engineering teams, positioning security as an enabling partner.
- Compliance & Audit (primarily financial): support evidence collection and adherence to NIST, ISO 27001, OWASP, LGPD and Central Bank (Bacen) regulations where applicable.
Requirements
- Proven experience in Application Security / DevSecOps, with technical initiatives and integration of security into the SSDLC.
- Multicloud experience focused on Azure and AWS (hands-on) and good knowledge of GCP (strong in AWS/Azure with willingness to expand GCP skills).
- Practical experience with CI/CD (Azure DevOps and/or GitHub), SAST, SCA, DAST, secret scanning, container analysis and automation of controls.
- IAM/RBAC/PIM, segmentation and networking (VNet/VPC, NSG/SG, Firewall/WAF), cloud policies and posture (Defender for Cloud/CSPM).
- Kubernetes (AKS/EKS/GKE) and containers: image security, supply chain, policies and hardening.
- Secrets/vault management (Azure Key Vault, AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault).
- Solid knowledge of OWASP Top 10, API Security Top 10, ASVS, MITRE ATT&CK, Zero Trust and threat modeling.
- Scripting (PowerShell, Python or Go, AZ CLI and AWS CLI) and Terraform (IaC) with security practices (policy/scan).
- Clear communication, influence and autonomy to drive remediations and architectural decisions.
- Bachelor's degree in IT/Engineering or a related field.
- **Certifications (Preferred)**
  - CompTIA Security+
  - EC-Council Certified DevSecOps Engineer (ECDE)
  - CompTIA DevSecOps Engineer
  - AZ-500
  - SC-100
  - AWS Security Specialty
  - GCP Professional Cloud Security Engineer
Benefits
- Medical insurance
- Dental insurance (Omint)
- Life insurance
- Profit sharing (PLR)
- Performance bonus (PPR)
- "ABC with You": a program supporting employees and their families with legal, social, psychological and financial assistance
- Meal voucher
- Food allowance
- Extended parental leave: 20 days paternity and 6 months maternity
- Childcare/nanny allowance
- Annual day off
- Home office allowance
- Home office infrastructure support
- TotalPass
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Application Security, DevSecOps, CI/CD, SAST, DAST, SCA, Terraform, Kubernetes, IAM, network segmentation
Soft Skills
clear communication, influence, autonomy
Certifications
CompTIA Security+, EC-Council Certified DevSecOps Engineer, CompTIA DevSecOps Engineer, AZ-500, SC-100, AWS Security Specialty, GCP Professional Cloud Security Engineer