Jobs · remotefirstjobs
Director Security Engineer | DevSecOps
Halcyon Labs · Remote · Posted 20d ago
Available in 4 locations
Brazil (Remote) · remote Apply → Portugal (Remote) · remote Apply → Remote · remote Apply → South America · remote Apply →About the role
Lead application security and DevSecOps practices across product verticals for a wellness platform.
Your wellbeing, our mission. Join a company shaping a healthier world. GET TO KNOW US At Wellhub we're revolutionizing workplace wellness. Our platform connects employees worldwide to the best partners for fitness, mindfulness, therapy, nutrition, and sleep—all in one simple subscription. Headquartered in NYC with team members in Europe, North America and South America, we’re on a mission to make every company a wellness company. We believe work should be fulfilling, inspiring, and balanced. Here, you’ll find a team that values wellbeing, collaboration, and different perspectives, where passion and creativity push boundaries to create real impact. Your contributions will help shape a healthier, more balanced world for you and millions of people globally. Join us in redefining the future of wellbeing! THE OPPORTUNITY We are hiring a Director Security Engineer to our Information Security team in Brazil ! This is a Remote – Brazil position, meaning you can work from anywhere within the country. Please note that this role is only open to candidates in Brazil. The Information Security team is responsible to protect our subscription-based product serving millions of users. As Director Security Engineer, you will be the technical leader driving application security, DevSecOps practices, and security engineering across our 10 product verticals. This is a unique opportunity to build security capabilities in a high-growth environment. You will help construct the technical security strategy, architect security solutions, lead threat modeling, and establish secure development practices across all engineering teams. The role requires deep technical expertise in application security, cloud security, and modern DevSecOps practices.In this capacity, you will serve as the primary architect for our security engineering roadmap, ensuring that protection is integrated at every stage. You will oversee the deployment of automated security tooling, mentor senior engineers in advanced vulnerability research, and partner with product leaders to balance rapid feature delivery with robust risk mitigation. Your leadership will be pivotal in scaling our security posture to meet the demands of a global, multi-vertical ecosystem while fostering a culture of shared security responsibility. YOUR IMPACT Lead the technical security strategy for product and application security, defining architecture standards, security baselines, and secure coding guidelines aligned with OWASP ASVS, NIST SSDF, and BSIMM frameworks. Architect and implement a comprehensive DevSecOps pipeline, integrating SAST, DAST, SCA, and container scanning across all CI/CD pipelines serving 10 product verticals. Drive threat modeling practices across critical product flows, partnering with engineering leads to identify and mitigate security risks before they reach production. Design and implement a centralized security telemetry architecture, connecting application logs, WAF events, and fraud signals into a unified SIEM platform for real-time detection. Lead the technical evaluation, selection, and implementation of security tools (SAST/DAST, SIEM/SOAR, PAM, API Gateway security, container security scanners). Establish and mentor a team of 7-8 embedded DevSecOps engineers across product verticals, providing technical guidance and ensuring consistent security standards. Own the technical roadmap for reducing MTTD from >48h to Live the mission: inspire and empower others by genuinely caring for your own wellbeing and your colleagues. Bring wellbeing to the forefront of work, and create a supportive environment where everyone feels comfortable taking care of themselves, taking time off, and finding work-life balance. WHO YOU ARE A seasoned security engineer in application security, cloud security, or security engineering, with at least 4 years in a senior technical leadership role. Deep expertise in secure software development lifecycle (SSDLC), threat modeling (STRIDE, PASTA), and security architecture for distributed systems and microservices. Hands-on experience with security tooling: SAST (Checkmarx, Snyk, SonarQube), DAST (Burp Suite, OWASP ZAP), SCA, container scanning (Trivy, Prisma), and SIEM platforms (Elastic, Splunk, Sentinel). Knowledge of cloud security (AWS and/or GCP), including IAM, VPC security, secrets management, and container orchestration security (Kubernetes/EKS). Experience building and scaling DevSecOps programs, integrating security into CI/CD pipelines, and mentoring engineering teams on secure coding practices. Proficiency in at least two programming languages (Python, Go, Java, or JavaScript) with the ability to review code, write security tooling, and automate security workflows. Familiarity with compliance frameworks (ISO 27001, PCI DSS, LGPD/GDPR) and how they translate into technical security controls. Strong communication skills to translate complex technical security concepts into actionable guidance for engineering teams at all levels. We re
Read the full posting on remotefirstjobs →
FAQ
Is the Director Security Engineer | DevSecOps role at Halcyon Labs remote?+
This Director Security Engineer | DevSecOps position is listed as remote (Remote).
What is the salary for the Director Security Engineer | DevSecOps role at Halcyon Labs?+
The listing states Estimated 131k-280k USD.
What seniority level is this Director Security Engineer | DevSecOps role?+
This is a lead level position.
How do I apply for the Director Security Engineer | DevSecOps role at Halcyon Labs?+
Use the "Apply on remotefirstjobs" button to open the original posting on remotefirstjobs, where you can submit your application directly to Halcyon Labs.