SecOps Engineer (AppSec)

WHO WE ARE At Trustly, we're building a smarter, faster, and more secure financial future by revolutionizing the world of payments. As a global leader in Open Banking Payments, we are establishing Pay by Bank as the new standard at checkout, providing unparalleled freedom, speed, and ease to millions of consumers and merchants worldwide. Our Ambition: To build the world’s most disruptive payment network and redefine what the payment experience should feel like. Trustly is a global team of innovators, collaborators, and doers.  If you are driven by a strong sense of purpose and thrive in a dynamic, entrepreneurial, and high-growth environment, join us and be part of a team that’s transforming the way the world pays. About the team The SecOps team is responsible for design and implementation of security tools and processes targeting the tools and the platform, such as incident management, root cause analysis, application security, endpoint security, Cloud Security Governance,Kubernetes Security and Deployments.    What you will do:

Protect the confidentiality, integrity, and availability of applications, services, data, and cloud infrastructure.

Identify, analyze, and mitigate vulnerabilities.

Provide support, guidance, and education to the DevOps Team, application owners, and other areas.

Plan, manage, and execute remediation efforts.

Assist with the development of application security test plans.

Research, evaluate, and recommend new and existing tools and techniques.

Collaborate with threat detection and incident response when responding to security threats.

Provide documentation on vulnerability and risk analysis for security audits.

Develop and implement application security processes, including identifying application security weaknesses, developing security strategies, and performing penetration tests

Develop and implement security-related standards, policies, and procedures

Analyze security data to identify and mitigate potential threats

Perform internal security audits

Conduct internal penetration tests and vulnerability assessments, as well as develop remediation plans for findings

Create and manage risk analysis documentation

Manage the development of security metrics and reports

Manage the architecture and implementation of information security best practices

Maintain a security engineering knowledge base

Who you are:

Graduation complete or in progress in IT courses or related areas.

Previous experience as an AppSec Engineer or Penetration Tester with Cloud Security capabilities.

Strong GitHub knowledge (desirable GitHub Advanced Security previously experience)

Strong script languages knowledge (aka Python and Shell Scrip)

Experience in reviewing and implementing internal processes and controls, and managing security projects. 

Knowledge in cybersecurity, with focus on cloud security, infrastructure, and monitoring;

Previous experience with Amazon AWS; 

Knowledge of the PTES, OSSTM, OWASP, and NIST CSF.

Desirable Java and/or Node.js knowledge

Offensive security certifications like OSCP, eCPPT or, others will be a plus.

Advanced English.

Our perks and benefits:

Bradesco health and dental plan, for you and your dependents, with no co-payment cost;

Life insurance with differentiated coverage;

Meal voucher and supermarket voucher;

Home Office Allowance;

Wellhub - Platform that gives access to spaces for physical activities and online classes;

Trustly Club - Discount at educational institutions and partner stores;

English Program - Online group classes with a private teacher;

Extended maternity and paternity leave;

Birthday Off;

Flexible hours/Home Office - our culture is remote-first! You can work in every city in Brazil;

Welcome Kit - We work with Apple equipment (Macbook Pro, iPhone) and we send many more treats! Spoiler alert: Equipment can be purchased by you according to internal criteria!;

Annual premium - As a member of our team, you are eligible to receive an annual bonus, at the company's discretion, based on the achievement of our KPIs and individual performance;

Referral Program - If you refer a candidate and we hire the person, you will receive a reward for that!