Lead Security Analyst

Lead Cybersecurity Analysts help organizations build and enhance security systems that protect infrastructure and software development. They work in multidisciplinary teams, bridging technical and operational needs with strategic objectives to ensure system resilience and security. These professionals promote technical quality and effective security practices as a means to generate better outcomes for the client. They can balance the need for security with business processes, collaborating to foster a DevSecOps culture.

Job responsibilities

• Work closely with teams to implement security projects, assess existing infrastructure, and drive continuous improvements, balancing security and usability.
• Collaborate with client engineering leadership to establish trust-based partnerships and strategic alignment.
• Work with clients to understand their needs and develop a security roadmap that supports their business objectives.
• Contribute to the development of security practices and infrastructure in collaboration with internal teams and client development teams.
• Implement and manage security controls and processes throughout the software development lifecycle, promoting security automation from the outset.
• Actively participate in monitoring and ensuring that security expectations are consistently met in projects.
• Provide expertise and guidance in the areas of DevSecOps, cloud security, and infrastructure security engineering.
• Lead Threat Modeling sessions with both technical and non-technical teams, ensuring that security is integrated from the design phase.
• Ensure that security and compliance practices are in place, particularly in areas such as identity management, vulnerability management, and API protection.
• Develop security controls in compliance with industry standards and frameworks.

Job qualifications

Technical Skills

• Intermediate Spanish.
• Experience in designing and implementing security solutions in cloud computing environments (GCP required, Azure preferred) and managing perimeter protection tools (WAF, Firewalls, Load Balancers, etc.).
• Knowledge of security automation throughout the development lifecycle with tools such as SAST, DAST, IAST, and SCA.
• Experience in DevOps (Jenkins and GitLab), with the ability to apply DevSecOps practices in complex environments.
• Experience in vulnerability management (Qualys, Prisma, Checkmarx) and in application and API security.
• Comprehensive knowledge of security and compliance policies and standards (SOx, NIST, ISO 27001, PCI DSS, LGPD, GDPR).
• Ability to write scripts in at least one scripting language.
• Knowledge of security controls for application and API vulnerabilities, following OWASP Top 10 and OWASP Top 10 API guidelines.

Professional Skills

• Strong collaborative mindset and ability to adapt to uncertainty, embrace change, and make decisions with limited information to achieve positive results.
• Ability to interact with diverse teams, communicating technical concepts in an accessible manner to non-technical audiences.
• Genuine interest in developing robust, scalable, and secure solutions that help transform clients' business processes.
• Flexibility to work directly with infrastructure technicians, security analysts, developers, and IT leaders to develop security strategies and solutions.

Differentials:

• Certifications such as Google Cloud Security Engineer; Google Cloud Architect; CEH; or CompTIA Security+

Other things to know

Learning & Development

There is no one-size-fits-all career path at Thoughtworks: however you want to develop your career is entirely up to you. But we also balance autonomy with the strength of our cultivation culture. This means your career is supported by interactive tools, numerous development programs and teammates who want to help you grow. We see value in helping each other be our best and that extends to empowering our employees in their career journeys.

About Thoughtworks

Thoughtworks is a global technology consultancy that integrates strategy, design and engineering to drive digital innovation. For 30+ years, our clients have trusted our autonomous teams to build solutions that look past the obvious. Here, computer science grads come together with seasoned technologists, self-taught developers, midlife career changers and more to learn from and challenge each other. Career journeys flourish with the strength of our cultivation culture, which has won numerous awards around the world.

Join Thoughtworks and thrive. Together, our extra curiosity, innovation, passion and dedication overcomes ordinary.

#LI-Remote