Senior AppSec / DevSecOps

Vivo (Telefônica Brasil)

Application Security Analyst for Vivo involved in threat modeling, secure design, and AI security integration. Collaborating with development teams to enhance application security practices.

Posted 6/26/2026full-timeSão Paulo • 🇧🇷 BrazilSeniorWebsite

Tech Stack

Tools & technologies

AWSAzureCloudGoogle Cloud PlatformJavaJavaScriptNode.js

About the role

Key responsibilities & impact

Act as the technical reference for Application Security, with a focus on threat modeling and security by design
Lead Threat Modeling sessions (e.g., STRIDE) for new initiatives, architectural changes and integrations, identifying risks early
Define and evolve Secure Design practices, ensuring adherence to frameworks such as OWASP ASVS, SAMM and Top 10
Work closely with development and software architecture teams to incorporate security from the outset (shift-left)
Lead security initiatives related to the use of Artificial Intelligence throughout the development lifecycle
Identify and mitigate risks in applications that use AI (e.g., prompt injection, data leakage, model abuse)
Support the safe use of AI-based tools (e.g., copilots, code generation tools)
Apply best practices based on emerging guidance such as OWASP Top 10 for LLM Applications
Explore the use of AI to scale AppSec activities (e.g., vulnerability triage, automated analysis)
Define security requirements and standards for applications, APIs and services
Ensure security requirements are clear, prioritized and measurable
Contribute to defining controls for API security (authentication, authorization, rate limiting, etc.)
Support contextualized vulnerability management
Prioritize risks considering technical and business impact
Work with teams to define remediation strategies
Contribute to the evolution of the Application Security maturity model
Structure and evolve practices aligned with OWASP SAMM
Create and maintain guidelines, standards and playbooks
Promote a security culture
Strengthen security awareness across the organization
Act as the technical Application Security reference for development teams
Lead enablement initiatives (workshops, trainings and dissemination of best practices)

Requirements

What you’ll need

Experience with application security tools:
SAST (e.g., Fortify, Checkmarx, Veracode, etc.)
SCA (e.g., Snyk, OWASP Dependency-Check)
DAST (e.g., WebInspect)
ASPM platforms
Experience integrating security into CI/CD pipelines (Azure DevOps, GitHub Actions or similar)
Knowledge of vulnerability management and tracking tools (e.g., SSC Fortify, Jira)
Experience with API protection:
API Gateway, WAF, Rate Limiting
Familiarity with AI tools and platforms applied to development (e.g., copilots, code assistants, AI agents)
Strong knowledge of Application Security (AppSec) and DevSecOps
Hands-on experience with:
Threat Modeling (e.g., STRIDE, abuse cases)
Secure Design / Secure Architecture
Deep knowledge of major OWASP frameworks:
OWASP Top 10
OWASP API Security Top 10
OWASP ASVS
OWASP SAMM
API security knowledge:
OAuth2, OpenID Connect, JWT
Authentication, authorization and access control
Development knowledge:
Languages such as JavaScript/Node.js, Java or similar
Secure coding best practices
Knowledge of cloud environments (Azure, AWS or GCP) and distributed architectures
AI security (relevant differential):
Interest in applying AI to scale AppSec (automation, analysis, etc.)
Knowledge or experience with risks in AI-enabled applications:
Prompt Injection
Data Leakage
Model Abuse / Misuse
Familiarity with OWASP Top 10 for LLM Applications
Ability to assess risks and propose controls for solutions that use AI
Bachelor’s degree in Information Technology or related fields
Desired certifications:
CSSLP (Certified Secure Software Lifecycle Professional)
GWAPT / OSCP / OSWE
AZ-500, AWS Security Specialty or similar (cloud security)
DevSecOps or AppSec-related certifications

Benefits

Comp & perks

Choose the benefits that best suit you and your dependents via a digital platform with multiple categories including gym memberships, meal and food allowances (e.g., VR, VA), pharmacy assistance, health insurance, dental care and life insurance
Corporate mobile phone — yes, a brand-new smartphone for you!
Unlimited voice and data plan — truly unlimited — on Vivo’s high-speed 5G network
An exclusive Vivo offer with special discounts on landline, broadband, TV and apps
Eligible to receive an annual bonus or PPR (profit-sharing)
Plan your future with our private pension plan
Have children? You’ll be eligible for a subsidy to help with school, daycare or nanny expenses
Work in an environment that respects your personality, style and individuality — be yourself. #VemdeVocê
Work remotely up to 2 days per week. #Mobility
Flexible working hours
Enjoy a day off to celebrate your birthday (day off)
Participate in one of the largest corporate volunteer programs to help make a difference
Benefit from our Educational Development Program offering partnerships with educational institutions at discounted rates; certifications and online courses
Accelerate your career through our Internal Recruitment Program, in Brazil or abroad — we operate in more than 17 countries! #VivoMinhaCarreira
Access a range of initiatives to improve your physical, emotional and social well-being

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Application SecurityThreat ModelingSecure DesignAPI SecurityVulnerability ManagementSecure CodingCloud SecurityAI SecurityDevSecOpsCI/CD Integration

Soft Skills

LeadershipCommunicationCollaborationRisk AssessmentProblem SolvingOrganizational SkillsTrainingAwareness PromotionGuideline CreationCultural Advocacy

Certifications

CSSLPGWAPTOSCPOSWEAZ-500AWS Security SpecialtyDevSecOps CertificationAppSec CertificationBachelor's Degree in Information TechnologyCloud Security Certification