Portuguese company hires for hybrid position
Location: Porto, Portugal
- ️ Only candidates already based in Portugal will be considered
Work Model: Hybrid
️ Language Requirements: English – B2 (Mandatory), French – Basic knowledge
Seniority: Júnior (2+ years)
Sector: Banking
Rate Between €2600 - 2900 RV / €1700 - 2000 CTI
- ️ Instructions: Please send your CV in English and make sure to include all skills and experience that match the requirements of the opportunity. This will significantly increase your chances of success
We are looking for a Cyber Engineer with a passion for Application Security and Vulnerability Management to join an international cybersecurity competency center responsible for protecting large-scale enterprise applications.
This role offers the opportunity to work with modern Application Security (AppSec) practices, helping development teams build secure software while implementing vulnerability management processes across the entire Software Development Lifecycle (SDLC).
If you enjoy combining cybersecurity, automation, secure development, and collaboration with engineering teams, this is an excellent opportunity to grow your career in an international environment.
-
Support the deployment and maintenance of application security solutions.
-
Participate in the implementation and continuous improvement of Secure Software Development Lifecycle (SSDLC/SDLC) processes.
-
Execute and manage application security scans using:
-
SAST (Static Application Security Testing)
-
SCA (Software Composition Analysis)
-
DAST (Dynamic Application Security Testing)
-
Analyze, qualify, and prioritize vulnerabilities identified by multiple security tools.
-
Work closely with software development teams to reduce application security risks.
-
Assist developers in implementing secure coding practices and application security controls.
-
Track remediation activities and ensure vulnerabilities are resolved within compliance deadlines.
-
Produce security metrics, reports, and vulnerability dashboards.
-
Promote Application Security awareness throughout engineering teams.
-
Share security best practices and support secure coding initiatives.
-
Contribute to the continuous improvement of vulnerability management processes through automation.
Mandatory
-
Minimum 2 years of experience in Cybersecurity, Information Security, or IT Risk.
-
Hands-on experience with:
-
SAST
-
SCA
-
DAST
-
Vulnerability Management
-
Knowledge of Secure Software Development Lifecycle (SDLC/SSDLC).
-
Strong understanding of OWASP Top 10 and modern Application Security principles.
-
Experience working with vulnerability remediation processes.
-
Knowledge of software development concepts and application architectures.
-
Understanding of:
-
Java
-
REST APIs
-
Frontend and Backend technologies
-
Python scripting for automation.
-
Experience with security scanning and vulnerability assessment.
-
Excellent analytical and problem-solving skills.
-
Strong communication and teamwork abilities.
Experience with:
-
Fortify
-
Qualys
-
Nexus IQ
-
Kubernetes
-
Bitsight
-
Dependency Scanning
-
Code Analysis platforms
-
Application Security governance
Professional certifications such as:
-
CISSP
-
CISM
-
CISA
-
CRISC
-
CRISK
-
CEH
-
CCSP
-
CCSK
-
ISO 27001
-
ISO 31000
-
EBIOS
The ideal candidate enjoys working at the intersection of cybersecurity and software development. They understand secure coding principles, are comfortable analyzing vulnerabilities, and enjoy partnering with development teams to improve application security throughout the software lifecycle.
They are proactive, analytical, collaborative, and motivated by continuously improving security posture through automation, best practices, and modern AppSec methodologies.
-
Do I have at least 2 years of experience in Cybersecurity or Information Security?
-
Have I worked with SAST, SCA, DAST, or similar vulnerability assessment tools?
-
Do I understand OWASP Top 10 and secure coding principles?
-
Have I collaborated with software development teams on security initiatives?
-
Am I comfortable analyzing and prioritizing application vulnerabilities?
-
Do I have Python scripting experience for automation?
-
Have I worked with tools such as Fortify, Qualys, Nexus IQ, Kubernetes, or similar platforms?
-
Can I communicate effectively in English in an international environment?
-
Do I have basic knowledge of French or am I willing to work in a multilingual team?
-
Am I looking for a long-term opportunity to grow within an international cybersecurity organization?
Application Security, AppSec, Cybersecurity, Vulnerability Management, SAST, DAST, SCA, Secure SDLC, SSDLC, OWASP Top 10, Secure Coding, Python, Fortify, Qualys, Nexus IQ, Kubernetes, Bitsight, Dependency Scanning, Code Analysis, Java, REST API, Information Security, Risk Management, Vulnerability Assessment, Security Controls, Secure Development, DevSecOps, Automation, CISSP, CISM, CISA, CEH, CRISC, CCSP, CCSK, ISO 27001, ISO 31000, Application Security Testing
#CI - PROC26328_1_2
