You will contribute to advancing the security of TOTVS products by performing technical validation of vulnerabilities, conducting security research, and analyzing exposures.
Triage, track, and technically validate vulnerability reports from Bug Bounty programs, Vulnerability Disclosure Programs (VDP), and other sources.
Assist in reproducing, analyzing, prioritizing, and preliminarily assessing the impact of vulnerabilities in web applications, APIs, and product components.
Conduct security research to identify public exposures, known vulnerabilities, CVEs, and risks related to the product ecosystem.
Support monitoring and the development of applied threat intelligence capabilities for product security, identifying trends and emerging risks.
Engage in technical collaboration with internal teams and security forums, supporting documentation and tracking of remediation plans.
Requirements
Bachelor's degree completed or in progress in Information Technology, Information Security, Software Engineering, Computer Science, or related fields.
Knowledge of technical validation and analysis of vulnerabilities in web applications, APIs, and product-related components.
Hands-on experience in offensive security testing, reproducing vulnerabilities, and performing security assessments of applications.
Familiarity with the OWASP Top 10 for Web Applications and APIs.
Familiarity with security testing and validation tools, such as Burp Suite and DAST, SAST, and SCA tooling, as well as other vulnerability analysis tools.
Benefits
Holistic Well-being: We take care of those who drive our progress. We promote the holistic well-being of each employee through programs and benefits that enable self-care across five pillars: Emotional, Financial, Physical, Occupational, and Social.
Diversity and Belonging: Diversity is our strength. We actively promote inclusion and a sense of belonging, ensuring TOTVS is a place where you can be yourself.