Software Security Analyst


Curitiba, PR, BR

Company:  ExxonMobil

About Us

ExxonMobil, one of the world’s largest publicly traded energy providers, develops and applies next-generation technologies to help safely and responsibly meet the world’s growing needs for energy, while improving living standards around the globe. An industry leader, we operate facilities or market products in most of the world’s countries and explore for oil and natural gas on every continent.
ExxonMobil has been present in Brazil for more than 100 years. We are one of the largest exploration acreage holders among international companies, a highly respected manufacturer and marketer of petrochemical products, and we operate a Global Business Center that provides support to an extensive portfolio of businesses in more than 70 countries. With over 1800 employees, we are located in Rio de Janeiro, Curitiba and São Paulo.

We are a hip crew of technologically savvy individuals, and we make a great team. One that focuses on collaboration, encourages creativity, and embraces change. We are continuously advancing across multiple platforms, driving strategy and innovation through global digitization and technology enablement, in order to keep ExxonMobil at the top and to make you proud and excited to come to work every day. 
ExxonMobil is committed to promote diversity and to provide all candidates with equal opportunities. We value our people over their jobs, looking for the best candidate, regardless of age, ethnicity, religion or gender identity. Each individual and their unique perspective is what makes us stronger and powerful. 

Where you start your career is only the beginning. A position in any of our locations can lead to opportunities throughout the region or around the globe.

Build a career with us and use your energy to change the world!

For more information, visit

Job Role Summary

ExxonMobil Cyber Security / Software Security Group is seeking an experienced Software Security Analyst to support vendor/in-house security scanning tools implemented on local and cloud platforms.


Job Role Responsibilities

• Responsible for supporting and implementing enterprise scale software security solutions to support business initiatives
• Part of a global team of software and container security specialists, evaluating/supporting application and container security solutions, developing related security standards, and implementing software security controls and automations
• Develop software security strategies and guidance/best practice documentation to drive the strategy
• Continuously seek to improve the tools, processes, and procedures
• Contribute to and/or lead knowledge sharing sessions with application developers relating to application security and security scanning tools
• Resolve technical issues escalated from the developers and/or infrastructure platform teams
• Mentor and invest in the development of team members.

Expected Level of Proficiency

• 2+ years of experience in software or cyber security
• 2+ years of experience in Red Hat OpenShift and/or Azure
• Practical scripting experience with tools/languages like PowerShell, Python, Node.js, Javascript, Bash, Ruby, Perl, .NET, etc.
• Knowledge of software vulnerability remediation techniques and libraries
• Knowledge of common Open Source Software frameworks and associated security challenges
• Knowledge of the OWASP Top 10 and the ability to explain how these issues should be remediated
• Knowledge of CVSS, CVE and related schema and scoring
• Knowledge of Identity and Access Management (IAM), especially as implemented in cloud environments
• Knowledge of encryption concepts and implementation methods
• Knowledge of remote access technologies and implementation best practices
• Ability to perform successful security code reviews is preferred but not required
• Understanding of static code analysis, dynamic analysis, and threat modeling tools principles and practices

• BS/BA in a related discipline (i.e., Computer Science, Information Systems, Engineering, Business, etc.); and/or 4 years of experience in related field
• Hands-on technical expertise in building security capabilities in code and deploying infrastructure in code
• Technical experience working with enterprise security solutions such as firewalls, IDS/IPS, WAF, and SIEM is a plus

Your Benefits

An ExxonMobil career is one designed to last, with benefits built to support every stage of your life. That means world-class compensation and benefits, teammates who support and inspire, and the flexibility to explore multiple challenges and roles.

Our commitment to you runs deep, we care for our people, that’s why we provide the safest workplace we can, so you can work with focus and peace of mind.


Alternate Location:  

Job Segment: Cloud, Open Source, Systems Engineer, Computer Science, Information Systems, Technology, Engineering