SecOps Engineer

Summary

Join Trustly's SecOps team and contribute to the security of our global payment platform. You will protect applications, services, data, and cloud infrastructure, identifying and mitigating vulnerabilities. Responsibilities include providing support and guidance to various teams, planning remediation efforts, and assisting with application security testing. You will also research and recommend new security tools and techniques, collaborate on threat detection and incident response, and develop and implement security processes and standards. The role involves performing security audits and penetration tests, managing risk analysis documentation, and developing security metrics and reports. Trustly offers a remote-first culture and a comprehensive benefits package.

Requirements

• Graduation complete or in progress in IT courses or related areas
• Previous experience as an AppSec Engineer or Penetration Tester with Cloud Security capabilities
• Experience in reviewing and implementing internal processes and controls, and managing security projects
• Knowledge in cybersecurity, with focus on cloud security, infrastructure, and monitoring
• Previous experience with Amazon AWS
• Knowledge of the PTES, OSSTM, OWASP, and NIST CSF
• Advanced English

Responsibilities

• Protect the confidentiality, integrity, and availability of applications, services, data, and cloud infrastructure
• Identify, analyze, and mitigate vulnerabilities
• Provide support, guidance, and education to the DevOps Team, application owners, and other areas
• Plan, manage, and execute remediation efforts
• Assist with the development of application security test plans
• Research, evaluate, and recommend new and existing tools and techniques
• Collaborate with threat detection and incident response when responding to security threats
• Provide documentation on vulnerability and risk analysis for security audits
• Develop and implement application security processes, including identifying application security weaknesses, developing security strategies, and performing penetration tests
• Develop and implement security-related standards, policies, and procedures
• Analyze security data to identify and mitigate potential threats
• Perform internal security audits
• Conduct internal penetration tests and vulnerability assessments, as well as develop remediation plans for findings
• Create and manage risk analysis documentation
• Manage the development of security metrics and reports
• Manage the architecture and implementation of information security best practices
• Maintain a security engineering knowledge base

Preferred Qualifications

Offensive security certifications like OSCP, eCPPT or, others will be a plus

Benefits

• Bradesco health and dental plan, for you and your dependents, with no co-payment cost
• Life insurance with differentiated coverage
• Meal voucher and supermarket voucher
• Home Office Allowance
• Wellhub - Platform that gives access to spaces for physical activities and online classes
• Trustly Club - Discount at educational institutions and partner stores
• English Program - Online group classes with a private teacher
• Extended maternity and paternity leave
• Birthday Off
• Flexible hours/Home Office - our culture is remote-first! You can work in every city in Brazil
• Welcome Kit - We work with Apple equipment (Macbook Pro, iPhone) and we send many more treats! Spoiler alert: Equipment can be purchased by you according to internal criteria!
• Annual premium - As a member of our team, you are eligible to receive an annual bonus, at the company's discretion, based on the achievement of our KPIs and individual performance
• Referral Program - If you refer a candidate and we hire the person, you will receive a reward for that!