Director, Security Engineer – DevSecOps
Gympass. Lead the technical security strategy for product and application security, defining architecture standards, security baselines, and secure coding guidelines aligned with OWASP ASVS, NIST SSDF, and BSIMM frameworks.
Tech Stack
Tools & technologies: AWS, Cloud, Distributed Systems, Go, Google Cloud Platform, Java, JavaScript, Kubernetes, Microservices, Python, Splunk
About the role
Key responsibilities & impact
- Lead the technical security strategy for product and application security, defining architecture standards, security baselines, and secure coding guidelines aligned with OWASP ASVS, NIST SSDF, and BSIMM frameworks.
- Architect and implement a comprehensive DevSecOps pipeline, integrating SAST, DAST, SCA, and container scanning across all CI/CD pipelines serving 10 product verticals.
- Drive threat modeling practices across critical product flows, partnering with engineering leads to identify and mitigate security risks before they reach production.
- Design and implement a centralized security telemetry architecture, connecting application logs, WAF events, and fraud signals into a unified SIEM platform for real-time detection.
- Lead the technical evaluation, selection, and implementation of security tools (SAST/DAST, SIEM/SOAR, PAM, API Gateway security, container security scanners).
- Establish and mentor a team of 7-8 embedded DevSecOps engineers across product verticals, providing technical guidance and ensuring consistent security standards.
- Own the technical roadmap for reducing MTTD from >48h to <1h and fraud detection from D+1 to real-time through security engineering and automation.
- Live the mission: inspire and empower others by genuinely caring for your own wellbeing and your colleagues. Bring wellbeing to the forefront of work, and create a supportive environment where everyone feels comfortable taking care of themselves, taking time off, and finding work-life balance.
Requirements
What you’ll need
- A seasoned security engineer in application security, cloud security, or security engineering, with at least 4 years in a senior technical leadership role.
- Deep expertise in secure software development lifecycle (SSDLC), threat modeling (STRIDE, PASTA), and security architecture for distributed systems and microservices.
- Hands-on experience with security tooling: SAST (Checkmarx, Snyk, SonarQube), DAST (Burp Suite, OWASP ZAP), SCA, container scanning (Trivy, Prisma), and SIEM platforms (Elastic, Splunk, Sentinel).
- Knowledge of cloud security (AWS and/or GCP), including IAM, VPC security, secrets management, and container orchestration security (Kubernetes/EKS).
- Experience building and scaling DevSecOps programs, integrating security into CI/CD pipelines, and mentoring engineering teams on secure coding practices.
- Proficiency in at least two programming languages (Python, Go, Java, or JavaScript) with the ability to review code, write security tooling, and automate security workflows.
- Familiarity with compliance frameworks (ISO 27001, PCI DSS, LGPD/GDPR) and how they translate into technical security controls.
- Strong communication skills to translate complex technical security concepts into actionable guidance for engineering teams at all levels.
Benefits
Comp & perks
- Free Gold+ membership with access to onsite gyms and studios, digital fitness programs, and online wellness resources for meditation, nutrition, mental wellbeing support, and more! Add up to three family members to your plan, ensuring access to wellness for those who matter most to you.
- A complete emotional wellbeing program with a unique approach. It offers personalized journeys that combine individual therapy sessions (52 per year) and on-demand content.
- Health, dental, and life insurance.
- As a Flexible First company, we offer hybrid and remote options to give you the freedom to work in a way that suits you. The model for this specific role can be discussed with your recruiter and hiring manager. When you join, use our home office reimbursement to set up your home office.
- It’s important to take time away from work to recharge. Employees receive vacation after 6 months and an additional 3 days off per year + 1 day off for each year of tenure (up to 5 additional days) + an extra holiday for your birthday!
- Welcoming a new child is one of the most special moments in your life. Take the time to be present and enjoy your growing family. We offer 100% paid parental leave to all new parents. Parents giving birth are eligible for an extended leave and a ramp-back period to return part-time while they get settled.
- Access world-class platforms, participate in interactive sessions, build your personalized development roadmap, and explore internal opportunities. We focus on continuous learning and feedback to support your journey toward personal and professional success.
- You’ll join a team of passionate people who come together to break boundaries, support each other, and create a meaningful impact in workplace wellness. We win together, building trust through open communication and a culture where every perspective matters.
ATS Keywords
Hard Skills & Tools
secure software development lifecycle, threat modeling, security architecture, DevSecOps, programming languages, security tooling, cloud security, container orchestration security, secure coding practices, automation
Soft Skills
leadership, mentoring, communication, team building, supportive environment, wellbeing focus, inspiration, empowerment, work-life balance, guidance
Certifications
ISO 27001, PCI DSS, LGPD, GDPR