Implementation of the CTEM Program: Lead the continuous threat exposure cycle, focusing on full visibility of the attack surface and prioritization based on real risk. This includes managing Bug Bounty programs, Vulnerability Management, and AppSec findings.
Synergy with AppSec / Cyber Security / Business Units: Work in close collaboration with Application Security (AppSec) professionals to ensure that infrastructure, cloud, and code vulnerabilities are handled holistically within the Secure Development Lifecycle (SDLC).
Articulation and Teamwork: This is a shared responsibility, requiring high-level teamwork skills and fine-tuning with multiple stakeholders (Product Managers, Tech Leads, and DevOps) to balance security with agility.
Assessment and Planning: Critically evaluate findings, present risks clearly to non-technical areas, and plan remediation schedules with Engineering teams. Act as a technical reference for complex decisions, such as critical vulnerabilities and zero-days, risk exceptions, formal acceptance, and trade-offs between speed, cost, and security.
Remediation Orchestration: Define mitigation strategies that do not just fix the immediate problem, but instead elevate the systemic resilience of the platform.
Behavioral and Technical Profile:
Extreme Collaboration: Ability to share responsibilities and build joint solutions with AppSec, Engineering, and Business teams, avoiding silos and ensuring a 360o view of risk.
Strategic Communication: Ability to navigate between deep technical discussions with engineers and executive presentations for strategic, tactical, and operational stakeholders.
Important
Our hiring process starts with the application! If you truly want to be part of our team, please complete this step of the process. We analyze all candidates individually and provide feedback to all applicants.
All communication will be conducted via email, so please stay tuned for our messages and release the domain @quintoandar.com.br to ensure our emails are not sent to spam.