Nearshore Sector |Application Security (AppSec) Analyst

Devoteam Portugal

1d•Remote

About The Position

At Devoteam, we believe that technology with strong human values can actively drive change for the better. Discover how Tech for People unlocks the future, creating a positive impact on the people and the world around us. We are a global leading player in Digital Transformation for leading organisations across EMEA, with a revenue of €1B. We believe in transforming technology to create value for our clients, partners and employees in a world where technology is developed for people. We are proud of the culture we have built together. We are proud of our people at the service of technology. We are proud of our diverse environment. Because we are #TechforPeople. Join our multidisciplinary team of Cloud experts, Designers, Business consultants, Security experts, Engineers, Developers and other extraordinary talents, spread across more than 20 EMEA countries. Become one of our +10.000 tech and business leaders on cloud, data and cyber security. Let’s fuse creativity with technology together and build innovative solutions that actively change things for the better. We are looking for an Application Security (AppSec) Analyst to join our team, focusing on identifying and managing application vulnerabilities throughout the Software Development Life Cycle (SDLC). This role is critical for ensuring the security of our software ecosystem, bridging the gap between security protocols and development agility. You will be responsible for operating security scanning tools and collaborating closely with development teams to implement robust remediation plans.

Requirements

Proven experience in Application Security, specifically in vulnerability detection and management within the SDLC.
Strong hands-on knowledge of programming languages including JavaScript, .NET (C#), Python, and Java.
Proficiency with SAST/SCA platforms (experience with Checkmarx or Veracode is highly valued).
In-depth understanding of the OWASP Top 10 and secure coding practices.
Familiarity with CI/CD pipelines, Git workflows, and cloud-native security concepts.
Fluency in English (B2 level minimum) to collaborate effectively in an international nearshore environment.

Responsibilities

Operate and manage security scanning tools, including SAST, SCA, IaC, and Container Scanning (specifically Veracode, GHAS, and Hackuity).
Qualify and prioritize vulnerabilities identified in code, providing actionable insights and accompanying remediation efforts with development squads.
Deeply integrate security measures into CI/CD pipelines using tools like Git, Azure DevOps, and GitHub.
Foster a culture of secure coding by leading developer communities, producing awareness content, and conducting onboarding for new projects within the AppSec program.
Maintain autonomy in coordinating the adoption of security measures across target projects, ensuring compliance with the OWASP Top 10.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume