Application Security Engineer at Kenvue

Hybrid - Latin America, Brazil, Sao Paulo, Sao Paulo

Apply
More jobs at Kenvue

Kenvue is recruiting an Application Security Engineer in São Paulo, Brazil, with a hybrid work arrangement. The role focuses on safeguarding digital assets, conducting security reviews, securing cloud‑native services, performing penetration testing, collaborating with development teams, and developing security standards. It involves staying current on security trends, participating in incident response, automating vulnerability scanning, and ensuring secure coding practices across the organization.

Requirements

Education

  • Bachelor’s degree in computer science, Information Security, or related field

Experience

  • 5+ years of cyber security experience
  • 5+ years’ experience in software development/engineering

Skills

  • Secure coding practices
  • Application security assessments
  • Vulnerability testing
  • Secure code reviews
  • OWASP Top 10 knowledge
  • Penetration testing
  • Cloud-native security
  • Container orchestration
  • Kubernetes
  • Docker
  • SAST
  • DAST
  • CWPP
  • CSPM
  • SSPM
  • CASB
  • Automation
  • Scripting
  • Python
  • Java
  • Ruby
  • Source code management
  • Bitbucket
  • GitHub
  • Jira
  • Confluence
  • Atlassian tools

Languages

  • English

Certifications

  • CISSP
  • CEH
  • CompTIA Security+
  • Azure Security Engineer
  • AWS Certified – Security Specialty

Responsibilities

  • Conduct comprehensive architecture security reviews of applications to identify vulnerabilities and weaknesses
  • Secure cloud-native services, including container orchestration platforms like Kubernetes
  • Maintain and operate various security tools SAST, DAST, CWPP, CSPM, SSPM, CASB
  • Perform penetration testing, code reviews, and vulnerability scanning to ensure the security of web and mobile applications
  • Collaborate with development teams to provide guidance on secure coding practices and assist in the remediation of identified security issues, or misconfigurations
  • Develop and maintain security standards, policies, procedures, work instructions and requirements related to application security
  • Stay current with the latest security trends, threats, and vulnerabilities affecting application security
  • Participate in incident response and security incident investigations related to application security
  • Work closely with cross-functional teams to integrate security into the technology development lifecycle
  • Automate vulnerability scanning, and compliance checks into development workflows
  • Proficiency in cloud ecosystems such as AWS, GCP or Azure
  • Knowledge of DNS and IP management
  • Develop, maintain and run security automation scripts using languages such as python or other software and scripting languages
  • Knowledge of source code systems such as Bitbucket or GitHub

Technologies

SASTDASTCWPPCSPMSSPMCASBKubernetesAWSGCPAzureDNSIP managementPythonJavaRubyBitbucketGitHubBurp SuiteNessusOWASP ZAPSnykDockerJiraConfluenceAtlassian

See if your resume is ready for this job

See how our AI can optimize your resume and improve your chances for this role.