Activate JobCopilot
This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Vulnerability Management Engineer – Application Security (Mid-Level) in Brazil.
This role sits at the heart of application security, focusing on identifying, analyzing, and remediating vulnerabilities across modern software ecosystems, including web, mobile, and cloud environments. You will play a key part in strengthening the organization’s security posture by ensuring vulnerabilities are properly detected, prioritized, and resolved throughout the software development lifecycle. Working closely with development and security teams, you will validate security findings, reduce false positives, and drive remediation efforts with clear, actionable guidance. The environment is fast-paced and highly collaborative, requiring strong technical judgment and the ability to manage multiple security initiatives simultaneously. You will also contribute to improving secure development practices, integrating security tools into CI/CD pipelines, and enhancing overall risk visibility through reporting and metrics. This position is ideal for a detail-oriented security professional who thrives in dynamic, global environments and enjoys solving complex application security challenges.
Accountabilities:
- Execute and support application security assessments (SAST, DAST, SCA, and manual testing) to identify and validate vulnerabilities across applications.
- Analyze and triage security findings, including false-positive identification and risk-based prioritization using frameworks such as CVSS.
- Track vulnerabilities through remediation cycles, perform retesting, and ensure effective resolution of security issues.
- Collaborate with development and DevOps teams to integrate security scanning tools into CI/CD pipelines and improve automation.
- Develop dashboards and reports to monitor vulnerability metrics, SLAs, MTTR, and overall security posture.
- Support threat modeling, risk assessments, and secure design reviews to prevent insecure architecture patterns.
- Participate in incident response activities for critical vulnerabilities, including zero-day scenarios when required.
- Provide security recommendations, documentation, and guidance to improve application and cloud security controls.
Requirements:
- 5–7 years of experience in application security, vulnerability management, or related cybersecurity roles.
- Strong understanding of OWASP Top 10, secure coding practices, and application security principles.
- Hands-on experience with tools such as Burp Suite, Fortify, Checkmarx, SonarQube, Black Duck, Tenable, and similar security tools.
- Ability to perform manual security testing of web applications and APIs, including authentication and authorization analysis.
- Familiarity with security frameworks such as NIST, MITRE ATT&CK, and CIS benchmarks.
- Proficiency in scripting or programming (e.g., Python, Java, .NET, or similar).
- Experience working with CI/CD environments and DevSecOps practices.
- Strong communication, documentation, and stakeholder collaboration skills.
- Experience with ServiceNow, Azure/Azure DevOps, or vulnerability reporting tools is a plus.
- Security certifications (e.g., Security+, GWAPT, SSCP, OSCP, CISSP in progress) are considered an advantage.
Benefits:
- Competitive compensation aligned with experience and market standards.
- Remote work flexibility for candidates based in LATAM, or onsite opportunity in Valencia, Spain.
- Exposure to global enterprise-scale security environments and modern cloud technologies.
- Opportunity to work on high-impact application security initiatives across international teams.
- Career development support within a large, innovation-driven technology organization.
- Access to continuous learning opportunities and professional certification growth.
- Inclusive and diverse work culture with strong emphasis on equal opportunity.
Your email job alert is now active!
