Senior Security Engineer

SumUp enables businesses to get paid easily, process orders quickly, sell online instantly and manage their money more efficiently. We create the tools businesses need to make their business and their customer experience thrive! As a Senior Security Engineer for our tribe, you will be responsible for embedding and scaling robust security practices throughout the product development lifecycle at SumUp. You will work closely with engineering teams to ensure security is integrated into our architecture, development processes, and delivery pipelines, helping us build secure and compliant financial products at scale. What You’ll Do Embed security practices across the entire product development lifecycle, ensuring security is a core part of engineering processes and decisions Define, document, and promote secure architectural standards and best practices based on industry frameworks (OWASP, NIST, CIS) Support engineering teams in implementing and configuring security tooling (SAST, SCA, container scanning) within CI/CD pipelines, ensuring efficiency and low friction Drive the adoption and optimization of SAST tools, including rule tuning, developer training, and results analysis Contribute to the Software Supply Chain Security program by assessing risks in third-party dependencies and promoting secure development practices (e.g., SCA tools, commit signing, SLSA) Conduct security analyses and threat modeling for new and existing products, identifying vulnerabilities and guiding teams on secure design decisions Collaborate with teams to design and implement secure authentication and authorization solutions (IAM, OAuth 2.0, OIDC, SAML) Ensure systems and processes comply with security standards such as PCI-DSS Deliver security training and awareness initiatives, including workshops and guidance for engineers on secure coding practices Support and secure cloud-native environments, particularly in AWS and Kubernetes, including infrastructure hardening, secrets management, and runtime protection Continuously improve security practices by building automation, improving tooling coverage, and establishing scalable security engagement models with engineering teams. You’ll be great for this role if you: You have solid experience in application security and DevSecOps practices You have hands-on experience implementing security tooling (such as SAST, SCA, or container scanning) and integrating it into CI/CD pipelines You have strong knowledge of modern security standards and frameworks (e.g., OWASP Top 10, OWASP ASVS) and secure design principles You have experience with threat modeling and identifying risks in complex systems You are familiar with cloud-native environments and security practices in AWS and/or Kubernetes You understand authentication and authorization concepts (e.g., IAM, OAuth 2.0, OIDC) You are comfortable working cross-functionally, influencing engineering teams, and driving adoption of security best practices You take ownership, are pragmatic in your approach to security, and balance risk with business needs You have strong English communication skills and enjoy working in a global environment Why you should join SumUp 🌍 Global Experience : Collaborate with a diverse team of 3,000+ people from over 90 countries, and join our global off-sites and hackathons. 🤝 Collaborative Culture: Join a team that values diversity, innovation, and teamwork, where your ideas and contributions truly matter. 📈 Career Growth : Be part of a global team working on large-scale fintech products used by millions of businesses. 💙 Great Benefits : Health plans, meal vouchers (VR), Zenklub, Wellhub, life insurance, childcare allowance, and more. 📚 Learning Development : Access an annual budget of R$ 10,000 for education, certifications, and conferences. 🌴 Time Off : Enjoy 30 additional days off through our Break4Me program after 3 years at SumUp. 💸 Grow with Us: Participate in our virtual stock program and ... (truncated, view full listing at source)