At VFG Group, we bring together a diverse and specialized team to deliver tailor-made IT solutions for each of our clients.

By incorporating multiple business verticals within the group, we can adapt to any need—offering everything from comprehensive solutions to specific products. Our services include Software Development, Support, Infrastructure, Outsourcing, Consulting, DevOps, and Artificial Intelligence solutions.

Under our mission, "You think it, we make it," we partner with our clients and remain in constant learning, transformation, and growth with every new challenge we take on!

Who are we looking for?

We are searching for a flexible, adaptable, and passionate individual eager to learn and grow, to join us as an Application Security within our UrudevOps vertical, primarily focused on Cloud Services & DevOps.

As an Application Security, you will lead and manage a small, but driven, application security team, providing guidance, support, and technical expertise in areas such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), bug bounty program management, API security, bot management, customer identity security, and application security incident response.

Responsibilities

• Oversee and drive secure SDLC initiatives.
• Collaborate with cross-functional teams, including DevOps, development, and product, to ensure security measures are built into all architectures.
• Develop and implement API security strategies.
• Coordinate and participate in application security incident response.
• Evolve and manage the bug bounty and application vulnerability management program.
• Track and report on application security metrics.

Requirements

• +2 years of experience in application security management, with a track record of leading small teams and driving AppSec initiatives.
• Hands-on experience in software development or DevOps
• Familiarity with Java, JavaScript, and cloud-native environments
• Experience with DevOps tooling and infrastructure as code
• In-depth knowledge of SAST, DAST, SCA, and other application security testing techniques.
• Proven experience managing API security, including hands-on implementation of security controls across REST and GraphQL architectures.
• Familiarity with modern application development practices such as microservices and cloud-native architectures
• Strong written and verbal communication skills in English are essential
• Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.
• Knowledge of modern authentication and authorization frameworks (OAuth2, OIDC)
• Familiarity with containers and container security.
• Experience with modern security tools like SIEM, WAF, bot defense, etc.

Benefits

⏰ Flexible working hours

🏠 Hybrid work model – choose to work from the office or anywhere you want!

📖 Training and professional development support to help you grow in your role.

🏋 TuPase gym membership – access hundreds of gyms across the country!

🥗 Affordable meal options when you’re at the office.

🍎 Snacks, fruit, coffee, and yerba always available!

🎁 Gifts for your birthday and work anniversaries.

🎉 After-office events and team-building parties to have fun together!

🖖 Exclusive discounts and special deals for employees.

If you’re excited to join our team, apply now! We’d love to chat with you and get to know you better!