Specialist I – SbD, Security by Design

Grupo Boticário

full-time

Posted on: 2/5/2026

Location Type: Remote

Location: Brasil

✨ AI Apply

About the role

We are looking for an Information Security specialist to proactively identify risks in fast-paced innovation scenarios for Grupo Boticário companies, with a focus on the Security by Design process. You will act as a trusted consultant to software/product engineering areas and maintain close collaboration with technical teams — such as development squads and infrastructure/DevOps teams — as well as non-technical teams, for example business areas, ensuring information security from the conception of new applications and digital products, and also across Grupo Boticário’s supply chain through TPRM/TPCRM and M&A processes.
In this role, you will be the technical reference for the secure adoption of AI, LLMs and emerging technologies.
You will work on operational efficiency (RiskOps), using development and automation to modernize processes and align governance with Grupo Boticário’s strategy, enabling and ensuring business continuity for Grupo Boticário companies with appropriate protection, applying security with the right balance.

Knowledge of API security, AppSec concepts (OWASP Top 10, SAST/DAST) and Cloud Security (AWS/GCP/Azure)
Strong understanding of LLM architectures
Proficiency with OWASP Top 10 — LLM Applications
Proficiency with OWASP Top 10 — Web Applications
Proficiency with OWASP Top 10 — API Security
Knowledge of interoperability and context protocols, specifically MCP (Model Context Protocol)
Security frameworks (NIST AI RMF 1.0, NIST CSF 2.0, CIS Controls, and other information security frameworks)
Cloud Security concepts (AWS/GCP/Azure)
Knowledge of LGPD (Brazilian General Data Protection Law)
Intermediate English
Hands-on experience with prompt engineering or development of AI agents
Experience implementing NIST AI RMF
Prior experience with GRC tools (e.g., OneTrust, Archer, ServiceNow)
Prior experience with third-party monitoring tools (e.g., SecurityScorecard, Bitsight, Zanshin)
Behavioral competencies: executive communication skills (ability to translate technical risks into business language); consultative and negotiating profile to manage conflicting stakeholders (e.g., non-technical teams vs. Security); autonomy to make decisions in complex scenarios.

Benefits

Here, your health is a priority
. Medical and dental plan
. Medication assistance
. Health allowance for family members
. Free psychotherapy sessions
. Telemedicine and second medical opinion
. Free flu vaccine
. Health care programs
For your nutrition
. Meal voucher or local restaurant (depending on work model)
. Food allowance
. Christmas food allowance
Ensuring well-being and quality of life in all aspects of life
. Gym and fitness studio membership plan
. Home office allowance (hybrid and remote work models)
. Pet health plan
. Birthday day off
. Up to 40% discount on our products
. Employee membership program (partnerships and discounts: multi-brand store, TotalPass gyms, courses and more!)
. Travel and accommodation program
For the family, our most precious asset
. Childcare assistance
. Child nutrition credit
. Babysitter allowance
. School supplies allowance
. Legal, psychological and social counseling
. Support for non-traditional parents
. Extended parental leave (180 days for mothers and 120 days for fathers)
Mobility for your on-site commute
. Transportation voucher and parking (hybrid and on-site models)
Financial security for protection and peace of mind
. Life insurance
. Support in the event of a parent’s death
. Private pension plan
. Payroll-deductible loans

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

API securityAppSec conceptsOWASP Top 10SASTDASTCloud SecurityLLM architecturesinteroperability protocolssecurity frameworksprompt engineering

Soft Skills

executive communication skillsconsultative profilenegotiating skillsautonomy in decision making