[Hiring] Director Security Engineer | DevSecOps @Wellhub

Role Description

We are hiring a Director of Security Engineering for our Information Security team in Brazil! This is a Remote – Brazil position, meaning you can work from anywhere within the country. Please note that this role is only open to candidates in Brazil.

The Information Security team is responsible for protecting our subscription-based product serving millions of users. As a Director of Security Engineering, you will be the technical leader driving application security, DevSecOps practices, and security engineering across our 10 product verticals. This is a unique opportunity to build security capabilities in a high-growth environment. You will help construct the technical security strategy, architect security solutions, lead threat modeling, and establish secure development practices across all engineering teams. The role requires deep technical expertise in application security, cloud security, and modern DevSecOps practices.

• Serve as the primary architect for our security engineering roadmap, ensuring that protection is integrated at every stage.
• Oversee the deployment of automated security tooling.
• Mentor senior engineers in advanced vulnerability research.
• Partner with product leaders to balance rapid feature delivery with robust risk mitigation.
• Foster a culture of shared security responsibility.

Qualifications

• A seasoned security engineer with experience in application security, cloud security, or security engineering, with at least 4 years in a senior technical leadership role.
• Deep expertise in secure software development lifecycle (SSDLC), threat modeling (STRIDE, PASTA), and security architecture for distributed systems and microservices.
• Hands-on experience with security tooling: SAST (Checkmarx, Snyk, SonarQube), DAST (Burp Suite, OWASP ZAP), SCA, container scanning (Trivy, Prisma), and SIEM platforms (Elastic, Splunk, Sentinel).
• Extensive knowledge of cloud security (AWS and/or GCP), including IAM, VPC security, secrets management, and container orchestration security (Kubernetes/EKS).
• Experience building and scaling DevSecOps programs, integrating security into CI/CD pipelines, and mentoring engineering teams on secure coding practices.
• Proficiency in at least two programming languages (Python, Go, Java, or JavaScript) with the ability to review code, write security tooling, and automate security workflows.
• Familiarity with compliance frameworks (ISO 27001, PCI DSS, LGPD/GDPR) and how they translate into technical security controls.
• Effective communication skills (Portuguese and English) to translate complex technical security concepts into actionable guidance for engineering teams at all levels.

Requirements

• Prior experience in application security engineering and DevSecOps pipeline implementation is a mandatory requirement.

Benefits

• Free Gold+ membership with access to onsite gyms and studios, digital fitness programs, and online wellness resources for meditation, nutrition, mental wellbeing support, and more!
• A complete emotional wellbeing program with personalized journeys that combine individual therapy sessions (52 per year) and on-demand content.
• Health, dental, and life insurance.
• Flexible work options to suit your needs.
• Paid time off including vacations after 6 months and additional days off based on tenure.
• 100% paid parental leave for all new parents.
• Access to world-class platforms and continuous learning opportunities.
• A collaborative, supportive, and inclusive culture.