Kenvue is recruiting an Application Security Engineer in São Paulo, Brazil, with a hybrid work arrangement. The role focuses on safeguarding digital assets, conducting security reviews, securing cloud‑native services, performing penetration testing, collaborating with development teams, and developing security standards. It involves staying current on security trends, participating in incident response, automating vulnerability scanning, and ensuring secure coding practices across the organization.
Application Security Engineer at Kenvue
Hybrid - Latin America, Brazil, Sao Paulo, Sao Paulo
More jobs at KenvueRequirements
Education
- Bachelor’s degree in computer science, Information Security, or related field
Experience
- 5+ years of cyber security experience
- 5+ years’ experience in software development/engineering
Skills
- Secure coding practices
- Application security assessments
- Vulnerability testing
- Secure code reviews
- OWASP Top 10 knowledge
- Penetration testing
- Cloud-native security
- Container orchestration
- Kubernetes
- Docker
- SAST
- DAST
- CWPP
- CSPM
- SSPM
- CASB
- Automation
- Scripting
- Python
- Java
- Ruby
- Source code management
- Bitbucket
- GitHub
- Jira
- Confluence
- Atlassian tools
Languages
- English
Certifications
- CISSP
- CEH
- CompTIA Security+
- Azure Security Engineer
- AWS Certified – Security Specialty
Responsibilities
- Conduct comprehensive architecture security reviews of applications to identify vulnerabilities and weaknesses
- Secure cloud-native services, including container orchestration platforms like Kubernetes
- Maintain and operate various security tools SAST, DAST, CWPP, CSPM, SSPM, CASB
- Perform penetration testing, code reviews, and vulnerability scanning to ensure the security of web and mobile applications
- Collaborate with development teams to provide guidance on secure coding practices and assist in the remediation of identified security issues, or misconfigurations
- Develop and maintain security standards, policies, procedures, work instructions and requirements related to application security
- Stay current with the latest security trends, threats, and vulnerabilities affecting application security
- Participate in incident response and security incident investigations related to application security
- Work closely with cross-functional teams to integrate security into the technology development lifecycle
- Automate vulnerability scanning, and compliance checks into development workflows
- Proficiency in cloud ecosystems such as AWS, GCP or Azure
- Knowledge of DNS and IP management
- Develop, maintain and run security automation scripts using languages such as python or other software and scripting languages
- Knowledge of source code systems such as Bitbucket or GitHub
Technologies
SASTDASTCWPPCSPMSSPMCASBKubernetesAWSGCPAzureDNSIP managementPythonJavaRubyBitbucketGitHubBurp SuiteNessusOWASP ZAPSnykDockerJiraConfluenceAtlassian
See if your resume is ready for this job
See how our AI can optimize your resume and improve your chances for this role.