Senior AppSec Analyst

🕒 May 26

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Certisign

WebsiteLinkedInAll Job Openings

501 - 1000 employees

Founded 1996

🔒 Cybersecurity

☁️ SaaS

Cybersecurity • SaaS

Certisign is a Brazilian technology company that provides digital identity and trust solutions, including digital certificates (e-CPF, e-CNPJ), SSL/TLS certificates, digital signatures, and biometric identification services. The company offers platforms and services for secure document signing, certificate issuance and renewal, and enterprise solutions to protect online transactions and prevent fraud across sectors such as finance, healthcare and education.

📋 Description

• Define and implement application security policies and practices; • Perform vulnerability assessments and application security testing (SAST, DAST, application pentests); • Support development teams in remediation and prevention of vulnerabilities; • Integrate security tools into DevOps pipelines (DevSecOps); • Monitor and analyze security alerts, vulnerability reports, and application logs; • Ensure compliance with security standards and regulations (ISO, LGPD, PCI, OWASP); • Develop secure coding guidelines and deliver internal training on software security; • Collaborate with product and engineering teams to build secure architectures; • Conduct risk analyses and code reviews to identify critical issues; • Implement monitoring tools and application-related incident response; • Prepare technical and executive reports on system security posture; • Support internal and external audits by providing evidence and recommendations; • Participate in defining security strategies for new platforms and integrations; • Promote continuous improvement of application security processes.

🎯 Requirements

• Bachelor's degree in Information Technology, Systems Analysis, Engineering, or related fields; • Deep knowledge of OWASP Top 10, SAST, DAST, RASP and AppSec concepts; • Experience in analyzing and mitigating code vulnerabilities (DevSecOps); • Familiarity with secure architectures, authentication, authorization, and cryptography; • Proficiency with application security tools (Burp Suite, Fortify, SonarQube, Checkmarx, etc.); • Experience with secure CI/CD, integrating security into pipelines, and test automation; • Understanding of standards and frameworks: ISO 27001, NIST, PCI DSS, LGPD; • Knowledge of secure APIs, tokens, OAuth2, OpenID Connect, and JWT; • Ability to identify, report, and mitigate security risks in cloud environments (AWS, Azure, GCP); • Familiarity with infrastructure as code (Terraform, Ansible) and security practices for containers (Docker, Kubernetes); • Knowledge of microservices security and distributed applications.

🏖️ Benefits

• Meal allowance on Flash card 🍽️ • Grocery allowance on Flash card 🛒 • SulAmérica medical insurance 🏥 • MetLife dental insurance 😁 • TotalPass and Wellhub benefits 💪 • Birthday day off 🎉 • Childcare assistance 👶 • Corporate university - UniSign 📚 • Life insurance 🔒 • Educational partnerships 🎓 • SESC membership benefits 🏖️ • Better Maternity program 🤱 • Extended maternity and paternity leave 👪 • Pharmacy card 💊 • Profit-sharing (PLR) 💼