Cyber Security Expert

Alter Solutions Portugal is an IT Consultancy Company, promoter of Digital Transformation, part of the Alter Solutions Group, created in 2006, in Paris.

In 2022, Alter Solutions joined the act digital group, constituting a global community of talent in Technology, with presence in thirteen countries: Germany, Belgium, Brazil, Canada, United States of America, Mexico, Morocco, Spain, France, Luxembourg, Poland, Portugal and Serbia. Also in 2023, we were certified as a Great Place to Work©.

In Portugal, we partner with over 120 clients and a team of over 500 people, working in projects for industries as diverse as banking, insurance, transportation, aviation, energy, and telecom.

Headquarters of the Nearshore IT center, Alter Solutions Portugal has a dedicated team of around 30 specialized professionals, integrated into projects with several internationally renowned clients.

We are seeking a highly skilled and motivated Application Security Specialist and Cyber Security Incident Management to join our team. The role focuses on ensuring robust application security, IT security compliance, cybersecurity measures, and production security. The ideal candidate will possess a strong understanding of security standards, regulatory requirements, and risk management processes to safeguard both project and production assets.

• Implement and ensure the effectiveness of Secure Software Development Life Cycle (Secure SDL) practices, including DevSecOps and Threat Modeling.
• Identify and apply the latest security standards for both internet-facing and internal assets.
• Enhance application-level Vulnerability Management processes, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Conduct Security Risk Assessments and reviews to be presented to relevant committees.
• Maintain an adequate security level for all WM GAIM applications, regardless of the project manager’s location or hosting provider.

• Align with Group and WM GAIM security policies for both project and production environments.
• Ensure adequate protection of WM business data by securing WM assets based on project assessments and production reviews.
• Ensure compliance with regulatory requirements from APAC (HKMA, MAS, FSC), EU (DORA), and Switzerland (FINMA).
• Leverage knowledge of security standards such as NIST, CIS, and ISO2700x to meet IT security requirements.
• Address compliance issues related to Third-party Technology risks and Cloud security.
• Identify process gaps and propose effective solutions.

• Coordinate with IT security teams regionally and globally for unified security efforts.
• Assist in Risk Treatment for WM issues, ensuring adherence to established processes.
• Identify, record, and track IT security risks proactively.
• Contribute to the definition and enhancement of cybersecurity processes.
• Periodically report security status to WM IT Domain Head and security champions.
• Handle cyber alerts and incidents by investigating and following up until resolution.
• Ensure assets and applications are onboarded to SIEM, managing BAU activities, and maintaining relevant documentation.

• Oversee and ensure the success of the Vulnerability Management process in production environments.
• Maintain and report the compliance level of the production environment.

• Strong expertise in Application Security, including Secure SDL and vulnerability management practices (SAST, DAST, and SCA).
• In-depth understanding of IT Security Compliance, aligning with standards such as NIST, CIS, ISO2700x, and regulatory requirements (HKMA, MAS, FSC, DORA, FINMA).
• Proven experience in Cybersecurity Incident Management, including handling alerts and coordinating resolutions.
• Advanced knowledge of Vulnerability Management processes and tools to ensure secure production environments.

• English: Expert level.
• French: Basic knowledge (notions).