Cartão Elo

Senior Information Security Analyst – Red Team

full-time

Location Type: Hybrid

Location: Barueri • 🇧🇷 Brazil

Job Level

Senior

Tech Stack

SDLC

About the role

  • Plan and execute intrusion tests (Red Team) focused on the proactive and preventive identification of security risks, with an emphasis on ensuring environment compliance to maintain PCI DSS certification
  • Provide technical recommendations and remediation to development, infrastructure, and architecture teams
  • Plan and execute security testing within the secure development pipeline (DevSecOps)
  • Assist development teams in identifying potential security risks and guide them toward secure development best practices
  • Support code reviews and security testing
  • Promote a secure development mindset at Elo through cultural initiatives and training
  • Develop and deliver security training and secure coding best practices
  • Maintain and improve KPIs/dashboards for vulnerability management
  • Support adherence to appropriate control levels to protect sensitive data and validate implemented controls
  • Create, validate, and review intrusion test reports, documenting exploitation methodology, proof-of-concept, and mitigation and remediation plans for identified vulnerabilities
  • Evaluate, address, and centralize vulnerabilities identified in the secure development process, vulnerability scans, and intrusion tests
  • Support mitigation efforts and/or propose compensating controls to address security risks

Requirements

  • Strong offensive security experience focused on penetration testing of web applications, mobile, APIs, infrastructure, networks, and social engineering
  • Experience presenting security risks/vulnerabilities discovered by SAST/DAST/SCA and penetration tests to different business areas
  • Experience/knowledge with vulnerability scanning tools, SAST, DAST, SCA, and other related tools
  • Good knowledge of secure development methodologies and frameworks (OWASP, SAMM, Microsoft SDL) and threat modeling (STRIDE)
  • Experience with the S-SDLC (Secure Software Development Life Cycle) process
  • Experience implementing CI/CD pipelines
  • Experience executing processes to obtain and maintain PCI DSS certification
  • Relevant certifications such as OSCP, CPENT, DCPT, CompTIA Pentest+, CRTA, CRTO, or similar (preferred)
  • Interest in staying up to date with the latest cybersecurity trends and threats (preferred)
  • Intermediate English for reading and communication with vendors and support (preferred)

Benefits

  • Profit-sharing program (PPR)
  • Medical insurance (Bradesco - copayment)
  • Optional dental insurance (Bradesco)
  • Life insurance (Banco do Brasil)
  • Optional private pension plan (employee may contribute up to 7.8% of salary and Elo's contribution ranges from 100% to 200% according to rules)
  • Meal/food allowance of R$1,800.00
  • Flexible credit balance of R$150.00
  • Christmas benefit card: R$750.00
  • Home office allowance of R$200.00 for hybrid model and R$300.00 for remote model
  • Mobility allowance of R$400.00
  • Free parking
  • Childcare allowance for parents
  • Culture allowance (benefit to be used for theater, cinema, or bookstores)
  • Extended parental leave (for same-sex couples, fathers, adoptive parents, etc.)
  • Birthday day off
  • Zenklub (psychotherapy - up to 4 sessions per month fully covered by Elo)
  • WellHub and TotalPass (network of gyms and studios for sports activities)
