Accountabilities
You will own and continuously improve the security posture of the platform, with a strong emphasis on application security, cloud security, and secure software delivery. This includes both building security capabilities and embedding them directly into engineering workflows.
- Lead application security efforts across the product, including threat modeling, secure design reviews, and hands-on vulnerability remediation with engineering teams.
- Design, implement, and maintain secure SDLC practices by embedding security into CI/CD pipelines, including SAST, DAST, dependency scanning, and secrets detection.
- Build and manage security tooling and policy-as-code controls across Terraform/Terragrunt-based infrastructure pipelines.
- Identify, validate, prioritize, and remediate vulnerabilities across applications, APIs, cloud infrastructure, and third-party integrations.
- Own cloud security across AWS and Kubernetes, including IAM design, network security, encryption, logging, and configuration drift management.
- Develop and tune detection and response capabilities using tools such as CloudTrail, GuardDuty, and Security Hub, and lead security incident response activities.
- Drive SOC 2 and ISO 27001 compliance programs, including control design, audit coordination, and documentation ownership.
- Support customer trust initiatives by responding to security questionnaires and explaining technical controls during audits and evaluations.
- Manage and mentor an internal Security Engineer responsible for corporate IT, identity, and endpoint security.
Requirements
You are a hands-on security engineer with deep technical expertise in cloud and application security, comfortable operating directly within code, infrastructure, and CI/CD pipelines. You combine strong execution skills with the ability to guide security strategy in a product-driven environment.
- 5+ years of experience in security engineering, application security, DevSecOps, or cloud security roles.
- Strong hands-on experience with AWS and Kubernetes security in production environments.
- Deep understanding of secure SDLC practices and CI/CD security integration.
- Ability to read, review, and work directly with application code and APIs for security remediation.
- Experience implementing SAST, DAST, container scanning, and secrets management tools.
- Proven experience with SOC 2 and/or ISO 27001 compliance programs, including audit collaboration.
- Strong knowledge of IAM, network security, encryption, logging, and cloud security posture management.
- Experience working with incident response, detection engineering, and security monitoring tools.
- Leadership experience, including mentoring or managing security engineers.
- Strong communication skills, able to translate technical risk for engineers, leadership, and auditors.
- Comfortable working in Atlassian tools (Jira, Confluence) and modern SaaS engineering environments.
- Open and practical mindset toward AI tools and their use in security workflows.
Benefits
- Fully remote-friendly role with flexible working arrangements.
- Competitive compensation aligned with market standards.
- Wellness programs and employee support initiatives.
- Strong focus on learning, certifications, and professional development.
- Inclusive, collaborative, and mission-driven work culture.
- Opportunity to work on high-impact cybersecurity problems at scale.
- Employee recognition programs and long-term growth opportunities.
🇧🇷 Essa vaga exige inglês. Você está pronto?
A DevSpeak Academy prepara desenvolvedores brasileiros para conquistar vagas internacionais. Domine o inglês técnico com professores que entendem o mundo dev.
Conheça a DevSpeak AcademyCandidaturas encerradasVer outras vagas
