Lead Security Analyst

Summary

Join Thoughtworks and thrive. Together, our extra curiosity, innovation, passion and dedication overcomes ordinary.

Requirements

• Intermediate Spanish
• Experience in designing and implementing security solutions in cloud computing environments (GCP required, Azure preferred) and managing perimeter protection tools (WAF, Firewalls, Load Balancers, etc.)
• Knowledge of security automation throughout the development lifecycle with tools such as SAST, DAST, IAST, and SCA
• Experience in DevOps (Jenkins and GitLab), with the ability to apply DevSecOps practices in complex environments
• Experience in vulnerability management (Qualys, Prisma, Checkmarx) and in application and API security
• Comprehensive knowledge of security and compliance policies and standards (SOx, NIST, ISO 27001, PCI DSS, LGPD, GDPR)
• Ability to write scripts in at least one scripting language
• Knowledge of security controls for application and API vulnerabilities, following OWASP Top 10 and OWASP Top 10 API guidelines

Responsibilities

• Work closely with teams to implement security projects, assess existing infrastructure, and drive continuous improvements, balancing security and usability
• Collaborate with client engineering leadership to establish trust-based partnerships and strategic alignment
• Work with clients to understand their needs and develop a security roadmap that supports their business objectives
• Contribute to the development of security practices and infrastructure in collaboration with internal teams and client development teams
• Implement and manage security controls and processes throughout the software development lifecycle, promoting security automation from the outset
• Actively participate in monitoring and ensuring that security expectations are consistently met in projects
• Provide expertise and guidance in the areas of DevSecOps, cloud security, and infrastructure security engineering
• Lead Threat Modeling sessions with both technical and non-technical teams, ensuring that security is integrated from the design phase
• Ensure that security and compliance practices are in place, particularly in areas such as identity management, vulnerability management, and API protection
• Develop security controls in compliance with industry standards and frameworks

Preferred Qualifications

Certifications such as Google Cloud Security Engineer; Google Cloud Architect; CEH; or CompTIA Security+