Director Security Engineer | DevSecOps

Vaga não está no LinkedIn

🔥 40 minutos atrás

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Gympass

SiteLinkedInTodas as Vagas

1001 - 5000 funcionários

Fundada em 2012

🧘 Bem-estar

🤝 B2B

☁️ SaaS

💰 $5.400.000 Venture Round em 2021-12

Wellness • B2B • SaaS

Gympass é uma plataforma completa de bem-estar corporativo que conecta colaboradores a uma variedade de recursos de fitness, mindfulness, nutrição e sono por meio de planos de assinatura flexíveis e econômicos. Ao oferecer acesso a uma ampla rede de academias, estúdios, personal trainers virtuais e apps de bem-estar, o Gympass foi projetado para fortalecer o bem-estar dos colaboradores e melhorar, para as empresas, produtividade, retenção e resultados em custos de saúde. Ao permitir que as companhias ofereçam opções de bem-estar holísticas, o Gympass promove ambientes de trabalho mais saudáveis e ajuda os colaboradores a manter um estilo de vida equilibrado tanto no trabalho quanto em casa.

Descrição

• Lead the technical security strategy for product and application security, defining architecture standards, security baselines, and secure coding guidelines aligned with OWASP ASVS, NIST SSDF, and BSIMM frameworks. • Architect and implement a comprehensive DevSecOps pipeline, integrating SAST, DAST, SCA, and container scanning across all CI/CD pipelines serving 10 product verticals. • Drive threat modeling practices across critical product flows, partnering with engineering leads to identify and mitigate security risks before they reach production. • Design and implement a centralized security telemetry architecture, connecting application logs, WAF events, and fraud signals into a unified SIEM platform for real-time detection. • Lead the technical evaluation, selection, and implementation of security tools (SAST/DAST, SIEM/SOAR, PAM, API Gateway security, container security scanners). • Establish and mentor a team of 7-8 embedded DevSecOps engineers across product verticals, providing technical guidance and ensuring consistent security standards. • Own the technical roadmap for reducing MTTD from >48h to <1h and fraud detection from D+1 to real-time through security engineering and automation. • Live the mission: inspire and empower others by genuinely caring for your own wellbeing and your colleagues. Bring wellbeing to the forefront of work, and create a supportive environment where everyone feels comfortable taking care of themselves, taking time off, and finding work-life balance.

🎯 Requisitos

• A seasoned security engineer in application security, cloud security, or security engineering, with at least 4 years in a senior technical leadership role. • Deep expertise in secure software development lifecycle (SSDLC), threat modeling (STRIDE, PASTA), and security architecture for distributed systems and microservices. • Hands-on experience with security tooling: SAST (Checkmarx, Snyk, SonarQube), DAST (Burp Suite, OWASP ZAP), SCA, container scanning (Trivy, Prisma), and SIEM platforms (Elastic, Splunk, Sentinel). • Knowledge of cloud security (AWS and/or GCP), including IAM, VPC security, secrets management, and container orchestration security (Kubernetes/EKS). • Experience building and scaling DevSecOps programs, integrating security into CI/CD pipelines, and mentoring engineering teams on secure coding practices. • Proficiency in at least two programming languages (Python, Go, Java, or JavaScript) with the ability to review code, write security tooling, and automate security workflows. • Familiarity with compliance frameworks (ISO 27001, PCI DSS, LGPD/GDPR) and how they translate into technical security controls. • Strong communication skills to translate complex technical security concepts into actionable guidance for engineering teams at all levels.

🏖️ Benefícios

• Free Gold+ membership with access to onsite gyms and studios, digital fitness programs, and online wellness resources for meditation, nutrition, mental wellbeing support, and more! Add up to three family members to your plan, ensuring access to wellness for those who matter most to you. • A complete emotional wellbeing program with a unique approach. It offers personalized journeys that combine individual therapy sessions (52 per year) and on-demand content. • Health, dental, and life insurance. • As a Flexible First company, we offer hybrid and remote options to give you the freedom to work in a way that suits you. The model for this specific role can be discussed with your recruiter and hiring manager. When you join, use our home office reimbursement to set up your home office. • It’s important to take time away from work to recharge. Employees receive vacations after 6 months and additional 3 days off per year + 1 day off for each year of tenure (up to 5 additional days) + an extra holiday for your birthday! • Welcoming a new child is one of the most special moments in your life. Take the time to be present and enjoy your growing family. We offer 100% paid parental leave to all new parents. Parents giving birth are eligible for an extended leave and a ramp-back period to return part-time while they get settled. • Access world-class platforms, participate in interactive sessions, build your personalized development roadmap, and explore internal opportunities. We focus on continuous learning and feedback to support your journey toward personal and professional success. • You’ll join a team of passionate people who come together to break boundaries, support each other, and create a meaningful impact in workplace wellness. We win together, building trust through open communication and a culture where every perspective matters.