Director Security Engineer | DevSecOps

About the Role

As a technical leader, the Director of Security Engineering will oversee the deployment of automated security tooling, mentor senior engineers in advanced vulnerability research, and partner with product leaders to balance rapid feature delivery with robust risk mitigation. This role requires deep technical expertise in application security, cloud security, and modern DevSecOps practices.

Wellhub's Information Security team is responsible for protecting the company's subscription-based product, which serves millions of users worldwide. The team is looking for a seasoned security engineer who can drive the technical security strategy, architect security solutions, and lead threat modeling practices.

What You Will Do

• Lead the technical security strategy for product and application security, defining architecture standards, security baselines, and secure coding guidelines
• Architect and implement a comprehensive DevSecOps pipeline, integrating SAST, DAST, SCA, and container scanning across all CI/CD pipelines
• Drive threat modeling practices across critical product flows, partnering with engineering leads to identify and mitigate security risks
• Design and implement a centralized security telemetry architecture, connecting application logs, WAF events, and fraud signals into a unified SIEM platform
• Lead the technical evaluation, selection, and implementation of security tools, such as SAST/DAST, SIEM/SOAR, PAM, API Gateway security, and container security scanners
• Establish and mentor a team of embedded DevSecOps engineers across product verticals, providing technical guidance and ensuring consistent security standards
• Own the technical roadmap for reducing MTTD and fraud detection, driving security engineering and automation
• Collaborate with product leaders to balance rapid feature delivery with robust risk mitigation
• Develop and maintain a culture of shared security responsibility across the organization

What We Are Looking For

• A seasoned security engineer with experience in application security, cloud security, or security engineering
• At least 4 years of experience in a senior technical leadership role
• Deep expertise in application security, cloud security, and modern DevSecOps practices
• Strong understanding of industry-recognized security frameworks, such as OWASP ASVS, NIST SSDF, and BSIMM
• Experience with security tools, such as SAST/DAST, SIEM/SOAR, PAM, API Gateway security, and container security scanners
• Strong technical leadership and mentoring skills, with the ability to establish and lead a team of embedded DevSecOps engineers
• Excellent communication and collaboration skills, with the ability to partner with product leaders and engineering teams

Nice to Have

• Experience with cloud-based security solutions, such as AWS or Azure
• Knowledge of containerization and orchestration technologies, such as Docker and Kubernetes
• Familiarity with agile development methodologies and DevOps practices
• Certification in security engineering or a related field, such as CISSP or CEH

Benefits and Perks

• Opportunity to work with a leading company in the workplace wellness industry
• Collaborative and dynamic work environment with a team of experienced professionals
• Flexible remote work arrangement, with the option to work from anywhere in Portugal
• Access to cutting-edge security tools and technologies
• Professional development opportunities, including training and certification programs
• Competitive compensation package, with benefits and perks tailored to remote workers
• Opportunity to make a real impact on the company's security posture and contribute to the development of a healthier, more balanced world

• Ensure your resume and online profiles highlight your experience with application security, cloud security, and DevSecOps practices.
• Be prepared to discuss your technical expertise in security engineering, including your experience with security tools and frameworks.
• Show examples of your leadership skills, including your ability to establish and lead a team of embedded DevSecOps engineers.
• Research Wellhub's company culture and values, and be prepared to discuss how you can contribute to the organization's mission and vision.
• Don't be afraid to ask questions during the interview process, such as what the biggest security challenges are and how the company approaches security engineering.
• Consider creating a portfolio of your work, including examples of your security engineering projects and accomplishments.
• Be prepared to negotiate your salary and benefits package, and don't be afraid to ask about opportunities for professional development and growth.