Director, Security Engineer – DevSecOps

Job not on LinkedIn

🔥 2 hours ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Gympass

WebsiteLinkedInAll Job Openings

1001 - 5000 employees

Founded 2012

🧘 Wellness

🤝 B2B

☁️ SaaS

💰 $5.4M Venture Round on 2021-12

Wellness • B2B • SaaS

Gympass is a comprehensive corporate wellness platform that connects employees with a variety of fitness, mindfulness, nutrition, and sleep resources through flexible and cost-effective subscription plans. Offering access to a vast network of gyms, studios, virtual personal trainers, and wellness apps, Gympass is designed to enhance employee wellbeing and improve productivity, retention, and healthcare cost outcomes for businesses. By enabling companies to provide holistic wellness options, Gympass fosters healthier workplace environments and supports employees in maintaining balanced lifestyles both at work and at home.

📋 Description

• Lead the technical security strategy for product and application security, defining architecture standards, security baselines, and secure coding guidelines aligned with OWASP ASVS, NIST SSDF, and BSIMM frameworks. • Architect and implement a comprehensive DevSecOps pipeline, integrating SAST, DAST, SCA, and container scanning across all CI/CD pipelines serving 10 product verticals. • Drive threat modeling practices across critical product flows, partnering with engineering leads to identify and mitigate security risks before they reach production. • Design and implement a centralized security telemetry architecture, connecting application logs, WAF events, and fraud signals into a unified SIEM platform for real-time detection. • Lead the technical evaluation, selection, and implementation of security tools (SAST/DAST, SIEM/SOAR, PAM, API Gateway security, container security scanners). • Establish and mentor a team of 7-8 embedded DevSecOps engineers across product verticals, providing technical guidance and ensuring consistent security standards. • Own the technical roadmap for reducing MTTD from >48h to <1h and fraud detection from D+1 to real-time through security engineering and automation. • Live the mission: inspire and empower others by genuinely caring for your own wellbeing and your colleagues. Bring wellbeing to the forefront of work, and create a supportive environment where everyone feels comfortable taking care of themselves, taking time off, and finding work-life balance.

🎯 Requirements

• A seasoned security engineer in application security, cloud security, or security engineering, with at least 4 years in a senior technical leadership role. • Deep expertise in secure software development lifecycle (SSDLC), threat modeling (STRIDE, PASTA), and security architecture for distributed systems and microservices. • Hands-on experience with security tooling: SAST (Checkmarx, Snyk, SonarQube), DAST (Burp Suite, OWASP ZAP), SCA, container scanning (Trivy, Prisma), and SIEM platforms (Elastic, Splunk, Sentinel). • Knowledge of cloud security (AWS and/or GCP), including IAM, VPC security, secrets management, and container orchestration security (Kubernetes/EKS). • Experience building and scaling DevSecOps programs, integrating security into CI/CD pipelines, and mentoring engineering teams on secure coding practices. • Proficiency in at least two programming languages (Python, Go, Java, or JavaScript) with the ability to review code, write security tooling, and automate security workflows. • Familiarity with compliance frameworks (ISO 27001, PCI DSS, LGPD/GDPR) and how they translate into technical security controls. • Strong communication skills to translate complex technical security concepts into actionable guidance for engineering teams at all levels.

🏖️ Benefits

• Free Gold+ membership with access to onsite gyms and studios, digital fitness programs, and online wellness resources for meditation, nutrition, mental wellbeing support, and more! Add up to three family members to your plan, ensuring access to wellness for those who matter most to you. • A complete emotional wellbeing program with a unique approach. It offers personalized journeys that combine individual therapy sessions (52 per year) and on-demand content. • Health, dental, and life insurance. • As a Flexible First company, we offer hybrid and remote options to give you the freedom to work in a way that suits you. The model for this specific role can be discussed with your recruiter and hiring manager. When you join, use our home office reimbursement to set up your home office. • It’s important to take time away from work to recharge. Employees receive vacations after 6 months and additional 3 days off per year + 1 day off for each year of tenure (up to 5 additional days) + an extra holiday for your birthday! • Welcoming a new child is one of the most special moments in your life. Take the time to be present and enjoy your growing family. We offer 100% paid parental leave to all new parents. Parents giving birth are eligible for an extended leave and a ramp-back period to return part-time while they get settled. • Access world-class platforms, participate in interactive sessions, build your personalized development roadmap, and explore internal opportunities. We focus on continuous learning and feedback to support your journey toward personal and professional success. • You’ll join a team of passionate people who come together to break boundaries, support each other, and create a meaningful impact in workplace wellness. We win together, building trust through open communication and a culture where every perspective matters.