Lead Security Analyst

ecurity roadmap that supports their business objectives.

• Contribute to the development of security practices and infrastructure in collaboration with internal teams and client development teams.

• Implement and manage security controls and processes throughout the software development lifecycle, promoting security automation from the outset.

• Actively participate in monitoring and ensuring that security expectations are consistently met in projects.

• Provide expertise and guidance in the areas of DevSecOps, cloud security, and infrastructure security engineering.

• Lead Threat Modeling sessions with both technical and non-technical teams, ensuring that security is integrated from the design phase.

• Ensure that security and compliance practices are in place, particularly in areas such as identity management, vulnerability management, and API protection.

• Develop security controls in compliance with industry standards and frameworks.

Job qualifications

Technical Skills

• Intermediate Spanish.

• Experience in designing and implementing security solutions in cloud computing environments (GCP required, Azure preferred) and managing perimeter protection tools (WAF, Firewalls, Load Balancers, etc.).

• Knowledge of security automation throughout the development lifecycle with tools such as SAST, DAST, IAST, and SCA.

• Experience in DevOps (Jenkins and GitLab), with the ability to apply DevSecOps practices in complex environments.

• Experience in vulnerability management (Qualys, Prisma, Checkmarx) and in application and API security.

• Comprehensive knowledge of security and compliance policies and standards (SOx, NIST, ISO 27001, PCI DSS, LGPD, GDPR).

• Ability to write scripts in at least one scripting language.

• Knowledge of security controls for application and API vulnerabilities, following OWASP Top 10 and OWASP Top 10 API guidelines.

Professional Skills

• Strong collaborative mindset and ability to adapt to uncertainty, embrace change, and make decisions with limited information to achieve positive results.

• Ability to interact with diverse teams, communicating technical concepts in an accessible manner to non-technical audiences.

• Genuine interest in developing robust, scalable, and secure solutions that help transform clients' business processes.

• Flexibility to work directly with infrastructure technicians, security analysts, developers, and IT leaders to develop security strategies and solutions.

Differentials:

• Certifications such as Google Cloud Security Engineer; Google Cloud Architect; CEH; or CompTIA Security+

Other things to know

Learning & Development

There is no one-size-fits-all career path at Thoughtworks: however you want to develop your career is entirely up to you. But we also balance autonomy with the strength of our cultivation culture. This means your career is supported by interactive tools, numerous development programs and teammates who want to help you grow. We see value in helping each other be our best and that extends to empowering our employees in their career journeys.

Job Details

Country: Brasil
City: Brasil
Date Posted: 11-18-2024
Industry: Information Technology
Employment Type: Regular

About Thoughtworks

Thoughtworks is a global technology consultancy that integrates strategy, design and engineering to drive digital innovation. For 30+ years, our clients have trusted our autonomous teams to build solutions that look past the obvious. Here, computer science grads come together with seasoned technologists, self-taught developers, midlife career changers and more to learn from and challenge each other. Career journeys flourish with the strength of our cultivation culture, which has won numerous awards around the world.

Join Thoughtworks and thrive. Together, our extra curiosity, innovation, passion and dedication overcomes ordinary.

#LI-Remote