Pessoa Engenheira de Segurança Cibernética Pleno in Brazil, Indiana at Jobgether

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Pessoa Engenheira de Segurança Cibernética Pleno based in Brazil.

This role sits at the core of product security, ensuring that applications, APIs, and digital services are continuously assessed, protected, and improved against evolving cyber threats. You will be responsible for identifying, validating, and prioritizing vulnerabilities coming from multiple sources such as Bug Bounty programs, VDPs, and internal security analyses. The position combines hands-on technical work with security research, requiring a proactive mindset to detect exposures and assess real-world impact. You will collaborate closely with development and security teams to support remediation efforts and strengthen secure-by-design practices. The environment is dynamic, innovation-driven, and focused on continuous improvement of security capabilities across a large and complex product ecosystem. This is an opportunity to directly influence the resilience and trustworthiness of widely used digital solutions.

• Perform triage, technical validation, and tracking of vulnerability reports from Bug Bounty programs, Vulnerability Disclosure Programs (VDP), and other internal/external sources.
• Reproduce and analyze vulnerabilities in web applications, APIs, and product components, supporting impact assessment and prioritization.
• Conduct security research to identify public exposures, known CVEs, misconfigurations, and risks across the product ecosystem.
• Contribute to the development of security intelligence capabilities by identifying emerging threats, trends, and attack patterns.
• Collaborate with internal engineering and security teams, supporting documentation, communication, and tracking of remediation actions.

• Bachelor’s degree (completed or in progress) in Information Technology, Information Security, Software Engineering, Computer Science, or related fields.
• Hands-on experience in vulnerability validation, security testing, and offensive security techniques in web applications and APIs.
• Solid knowledge of OWASP Top 10 for Web Applications and APIs.
• Familiarity with security testing tools such as Burp Suite, DAST, SAST, SCA, and similar vulnerability assessment solutions.
• Experience reproducing and analyzing vulnerabilities in real-world environments.
• Strong analytical thinking, curiosity, and ability to translate technical findings into actionable insights.

Differentials:

• Experience with Bug Bounty programs and Vulnerability Disclosure Programs (VDP).
• Exposure to OSINT, CVE analysis, threat intelligence, and external security monitoring.
• Knowledge of Secure SDLC, Security by Design, and secure development practices.
• Understanding of application architecture, threat modeling, and risk assessment.
• Certifications such as CEH, CompTIA PenTest+, eWPT, or Burp Suite Certified Practitioner.

• Competitive compensation aligned with market standards.
• Health and dental care coverage.
• Flexible work arrangements (remote or hybrid, depending on policy).
• Wellness initiatives covering emotional, physical, financial, occupational, and social well-being.
• Learning and development opportunities to support continuous career growth.
• Inclusive and diverse environment that encourages belonging and professional autonomy.