Specializes in preventing, identifying, and mitigating the accidental exposure of secrets (such as passwords, API keys, tokens, private certificates, etc.) in source code, repositories, CI/CD environments, and file systems.

Detalles del cliente

A 65-year-old global biopharmaceutical company based in Mexico that challenges the limits of science to improve patients' lives. We seek to be recognized as leaders in the development of innovative therapies that will make a significant difference in the treatment of diseases affecting our society in the future.

Descripción de la oferta

1. Code Scanning and Auditing
Analyze code repositories (GitHub, GitLab, Bitbucket, etc.) for exposed secrets.

2. CI/CD Integration
Automate secret scanning in pipelines (GitHub Actions, GitLab CI, Jenkins, etc.).


3. False Positive Management
Adjust rules, patterns, and whitelists to reduce noise.
Evaluate and classify findings (real secrets vs. false positives).
Support with model or pattern training if necessary.

4. Remediation of Exposed Secrets
Automatically revokes and rotates compromised secrets

5. Security Practice Improvements
Promotes the use of secure vaults (HashiCorp Vault, AWS Secrets Manager, etc.).

Educates development teams on best practices (e.g., never uploading .env files, using environment variables, etc.).
Creates internal secret management policies.

6. Continuous Monitoring
Implements secret monitoring systems in public repositories (e.g., GitGuardian or shhgit).

7. Reporting and Compliance
Generates exposure, metrics, and coverage reports.

Perfil del candidato

Knowledge of secret detection tools, secret management, and AWS security tool management.

Oferta de empleo

100% nominal salary
Food vouchers
Family medical expenses
Extra bonus as required by law
100% remote work

Temporal position (6 mounths) with extension opportunity