Remotery

Director, Security Engineer – DevSecOps

Posted 23 hours ago

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Lead the technical strategy for product and application security by defining architecture standards, security baselines, and secure coding guidelines that align with the OWASP ASVS, NIST SSDF, and BSIMM frameworks.

• Design and implement a thorough DevSecOps pipeline that incorporates SAST, DAST, SCA, and container scanning across all CI/CD pipelines serving 10 product verticals.

• Drive threat modeling practices across critical product flows, collaborating with engineering leads to identify and address security risks before they reach production.

• Create and implement a centralized security telemetry architecture that integrates application logs, WAF events, and fraud signals into a cohesive SIEM platform for real-time detection.

• Oversee the technical evaluation, selection, and implementation of security tools including SAST/DAST, SIEM/SOAR, PAM, API Gateway security, and container security scanners.

• Build and mentor a team of 7-8 embedded DevSecOps engineers across product verticals, offering technical guidance and ensuring uniform security standards.

• Take ownership of the technical roadmap aimed at decreasing MTTD from over 48 hours to under 1 hour and improving fraud detection from D+1 to real-time through security engineering and automation.

• Embody the mission: inspire and empower others by genuinely caring for your own wellbeing and that of your colleagues. Prioritize wellbeing in the workplace to foster an environment where everyone feels comfortable managing their health, taking time off, and achieving work-life balance.


⛳️ Requirements

• A seasoned security engineer specializing in application security, cloud security, or security engineering, with a minimum of 4 years in a senior technical leadership role.

• Extensive knowledge of the secure software development lifecycle (SSDLC), threat modeling (STRIDE, PASTA), and security architecture for distributed systems and microservices.

• Practical experience with security tools, including SAST (Checkmarx, Snyk, SonarQube), DAST (Burp Suite, OWASP ZAP), SCA, container scanning (Trivy, Prisma), and SIEM platforms (Elastic, Splunk, Sentinel).

• Understanding of cloud security (AWS and/or GCP), encompassing IAM, VPC security, secrets management, and container orchestration security (Kubernetes/EKS).

• Proven experience in building and scaling DevSecOps programs, integrating security into CI/CD pipelines, and providing mentorship to engineering teams on secure coding practices.

• Proficient in at least two programming languages (Python, Go, Java, or JavaScript), with the capability to review code, develop security tools, and automate security workflows.

• Familiarity with compliance frameworks (ISO 27001, PCI DSS, LGPD/GDPR) and their translation into technical security controls.

• Excellent communication skills, with the ability to translate complex technical security concepts into actionable guidance for engineering teams at all levels.


🏝️ Benefits

• Free Gold+ membership providing access to onsite gyms and studios, digital fitness programs, and online wellness resources for meditation, nutrition, mental wellbeing support, and more! You can add up to three family members to your plan, ensuring wellness access for your loved ones.

• A comprehensive emotional wellbeing program with a unique approach, featuring personalized journeys that combine individual therapy sessions (52 per year) and on-demand content.

• Health, dental, and life insurance coverage.

• As a Flexible First company, we offer hybrid and remote options, allowing you to work in a manner that suits you best. The specifics of this role’s model can be discussed with your recruiter and hiring manager. Upon joining, you can use our home office reimbursement to establish your home workspace.

• It’s essential to take time off to refresh. Employees receive vacation time after 6 months, in addition to 3 extra days off annually + 1 additional day for each year of tenure (up to 5 additional days) + an extra holiday for your birthday!

• Welcoming a new child is a wonderful occasion. Take the time to be present and enjoy your growing family. We provide 100% paid parental leave for all new parents, with parents giving birth eligible for extended leave and a gradual return to work part-time.

• Access to leading platforms, participation in interactive sessions, the ability to create your personalized development roadmap, and exploration of internal opportunities. We emphasize continuous learning and feedback to support your personal and professional growth.

• Join a team of passionate individuals who collaborate to break boundaries, support one another, and make a meaningful impact in workplace wellness. We succeed together by fostering trust through open communication and a culture where every perspective is valued.
