Lead Cybersecurity Analysts help organizations build and enhance security systems that protect infrastructure and software development.
They work in multidisciplinary teams, bridging technical and operational needs with strategic objectives to ensure system resilience and security.
These professionals promote technical quality and effective security practices as a means to generate better outcomes for the client.
They can balance the need for security with business processes, collaborating to foster a DevSecOps culture.
Job responsibilities
Work closely with teams to implement security projects, assess existing infrastructure, and drive continuous improvements, balancing security and usability.
Collaborate with client engineering leadership to establish trust-based partnerships and strategic alignment.
Work with clients to understand their needs and develop a security roadmap that supports their business objectives.
Contribute to the development of security practices and infrastructure in collaboration with internal teams and client development teams.
Implement and manage security controls and processes throughout the software development lifecycle, promoting security automation from the outset.
Actively participate in monitoring and ensuring that security expectations are consistently met in projects.
Provide expertise and guidance in the areas of DevSecOps, cloud security, and infrastructure security engineering.
Lead Threat Modeling sessions with both technical and non-technical teams, ensuring that security is integrated from the design phase.
Ensure that security and compliance practices are in place, particularly in areas such as identity management, vulnerability management, and API protection.
Develop security controls in compliance with industry standards and frameworks.
Job qualifications
Technical Skills
Intermediate Spanish.
Experience in designing and implementing security solutions in cloud computing environments (GCP required, Azure preferred) and managing perimeter protection tools (WAF, Firewalls, Load Balancers, etc.).
Knowledge of security automation throughout the development lifecycle with tools such as SAST, DAST, IAST, and SCA.
Experience in DevOps (Jenkins and GitLab), with the ability to apply DevSecOps practices in complex environments.
Experience in vulnerability management (Qualys, Prisma, Checkmarx) and in application and API security.
Comprehensive knowledge of security and compliance policies and standards (SOx, NIST, ISO 27001, PCI DSS, LGPD, GDPR).
Ability to write scripts in at least one scripting language.
Knowledge of security controls for application and API vulnerabilities, following OWASP Top 10 and OWASP Top 10 API guidelines.
Professional Skills
Strong collaborative mindset and ability to adapt to uncertainty, embrace change, and make decisions with limited information to achieve positive results.
Ability to interact with diverse teams, communicating technical concepts in an accessible manner to non-technical audiences.
Genuine interest in developing robust, scalable, and secure solutions that help transform clients' business processes.
Flexibility to work directly with infrastructure technicians, security analysts, developers, and IT leaders to develop security strategies and solutions.
Differentials:
Certifications such as Google Cloud Security Engineer; Google Cloud Architect; CEH; or CompTIA Security+
#J-18808-Ljbffr