Application Security Analyst
At IRIUM we want you to always chase your dreams. Here, prepare yourself to conquer your goals, while enjoying the journey.
We are currently looking for: Application Security Analyst
Requirements:
We are looking for an Application Security Engineer with a strong technical focus, responsible for executing and supporting Application Security and Secure SDLC activities in close collaboration with Development, DevOps, and Security teams.
This is primarily a hands-on operational role, focused on vulnerability analysis, secure code reviews, threat modeling, and security control validation, as well as supporting the implementation of secure development practices within cloud-native and highly regulated financial services environments.
The role does not involve delivery coordination or people management responsibilities. Instead, it is centered on technical execution, analysis, validation, and the management of vulnerabilities throughout their lifecycle, including the integration of security controls into CI/CD pipelines and support for audits and regulatory requirements.
Required Experience & Skills
- Professional experience in Application Security, DevSecOps, or Cybersecurity.
- Strong knowledge of application security vulnerabilities, including:
- OWASP Top 10
- OWASP API Security Top 10
- Secure SDLC principles and practices
- Experience in the identification, analysis, tracking, and remediation of vulnerabilities and security findings.
- Hands-on experience with security testing tools and methodologies, including:
- SAST (Static Application Security Testing)
- DAST (Dynamic Application Security Testing)
- SCA (Software Composition Analysis)
- Pentest result analysis and remediation follow-up
- Knowledge of cloud security concepts and controls in AWS and/or Azure environments.
- Understanding of modern application architectures, including APIs and microservices.
- Experience using issue and vulnerability tracking tools such as JIRA.
- Strong communication skills and the ability to work effectively with technical teams.
- High attention to detail, autonomy, and the ability to operate in dynamic and regulated environments.
Nice to Have
- Experience with Threat Modeling methodologies.
- Advanced Secure Code Review expertise.
- Knowledge of OWASP ASVS (Application Security Verification Standard).
- Experience with Security Testing Automation.
- Previous experience within the financial sector or other highly regulated industries.
Soft Skills
- Strong analytical and critical-thinking mindset.
- Proactive and solution-oriented attitude.
- Collaborative team player.
- Strong organizational skills and ability to manage priorities effectively.
- Ability to work independently while maintaining a high level of quality and accountability.
Location: Porto - Hybrid 2x
Range Salarial
Note: Includes all components: Fixed, Variable, Meal Allowance, Remote Work, and Benefits.
What do we offer?
➡ An innovative and growing company, with a lot of opportunities for professional development.
➡ Retribution according to your experience and performance. Access to flexible pay and medical insurance as a social benefit.
➡ Unlimited access to technological training in free mode.
IRIUM is a company with dynamic and proactive professionals. Our values are responsibility and commitment to work quality. This is the spirit we are looking for at IRIUM, whatever your age is. If you recognize yourself in this, this is your company!
We can build the future together. Let’s talk!
Send your CV to: [email protected]
At IRIUM we defend a world without stereotypes or limitations and we believe in equality for all, principles that we subscribe to in our Equality Plan and Code of Ethics, guaranteeing equal treatment and opportunities regardless of any personal, physical or social condition.