Senior DevSecOps Engineer

About the job: Senior DevSecOps Engineer

Syffer is an all-inclusive consulting company focused on talent, tech and innovation. We exist to elevate companies and humans all around the world, making change, from the inside to the outside.

We believe that technology + human kindness positively impacts every community around the world. Our approach is simple: we see a world without borders and believe in equal opportunities. We are guided by our core principles of spreading positivity and good energy, promoting equality and caring for others.

Our hiring process is unique! People are selected by their value, education, talent and personality. We don't present ethnicity, religion, national origin, age, gender, sexual orientation or identity.

It's time to burst the bubble, and we will do it together!

What You'll do:

- Define and implement secure DevSecOps architectures and CI/CD security controls (SAST, SCA, secrets, containers, SBOM, quality gates);

- Integrate and manage security tools (GitHub Advanced Security, SonarQube, JFrog) within development workflows;

- Establish secure artifact management and controlled promotion across environments;

- Manage vulnerabilities end-to-end: analysis, prioritization, remediation support, and reporting;

- Configure GitHub security features and enforce repository and PR governance standards;

- Maintain code quality and security policies using SonarQube;

- Secure artifact repositories and dependencies using JFrog Artifactory and Xray;

- Define branching strategies and enforce secure release and deployment controls;

- Ensure traceability, auditability, and proper governance across the delivery lifecycle;

- Support and enable development teams through guidance, training, and practical secure implementations;

- Hybrid work model; 


Who You Are:

- Proven experience in DevSecOps, application security, or DevOps engineering;

- Strong hands-on experience with CI/CD pipelines and secure delivery practices;

- Experience with: GitHub Enterprise & GitHub Advanced Security, SonarQube configuration and governance, JFrog Artifactory and Xray;

- Strong understanding of vulnerability management and secure artifact lifecycle;

- Experience working directly with development teams in remediation efforts;

- Knowledge of Git workflows, release management, and deployment governance;

- Experience in regulated or large enterprise environments;

- Fluent in Portuguese and English; 

Technical Skills

- Security & DevSecOps Tools: GitHub Advanced Security, SonarQube, JFrog Artifactory & Xray;

- CI/CD & Engineering: GitHub Actions, Azure DevOps, Jenkins, GitLab CI, pipeline-as-code, automated security gates;

- Application Security: SAST, SCA, secrets management, OWASP Top 10, vulnerability triage and remediation;

- Cloud & Containers: Docker/OCI, Kubernetes/OpenShift, container registry and image governance;

- Engineering Practices: GitFlow, branching strategies, pull request governance, artifact immutability and traceability;



What you'll get:

- Wage according to candidate's professional experience;

- Remote Work whenever possible;

- Delivery of work equipment adjusted to the performance of functions;

- Benefits plan;

- And others.

Work with expert teams on long-term projects of large magnitude and intensity, together with our clients, all leaders in their industries.

Are you ready to step into a diverse and inclusive world with us?

Together we will promote uniqueness!