SumUp enables businesses to get paid easily, process orders quickly, sell online instantly and manage their money more efficiently. We create the tools businesses need to make their business and their customer experience thrive!
As a Senior Security Engineer for our tribe, you will be responsible for embedding and scaling robust security practices throughout the product development lifecycle at SumUp. You will work closely with engineering teams to ensure security is integrated into our architecture, development processes, and delivery pipelines, helping us build secure and compliant financial products at scale.
What You’ll Do
Embed security practices across the entire product development lifecycle, ensuring security is a core part of engineering processes and decisions
Define, document, and promote secure architectural standards and best practices based on industry frameworks (OWASP, NIST, CIS)
Support engineering teams in implementing and configuring security tooling (SAST, SCA, container scanning) within CI/CD pipelines, ensuring efficiency and low friction
Drive the adoption and optimization of SAST tools, including rule tuning, developer training, and results analysis
Contribute to the Software Supply Chain Security program by assessing risks in third-party dependencies and promoting secure development practices (e.g., SCA tools, commit signing, SLSA)
Conduct security analyses and threat modeling for new and existing products, identifying vulnerabilities and guiding teams on secure design decisions
Collaborate with teams to design and implement secure authentication and authorization solutions (IAM, OAuth 2.0, OIDC, SAML)
Ensure systems and processes comply with security standards such as PCI-DSS
Deliver security training and awareness initiatives, including workshops and guidance for engineers on secure coding practices
Support and secure cloud-native environments, particularly in AWS and Kubernetes, including infrastructure hardening, secrets management, and runtime protection
Continuously improve security practices by building automation, improving tooling coverage, and establishing scalable security engagement models with engineering teams.
You’ll be great for this role if you:
You have solid experience in application security and DevSecOps practices
You have hands-on experience implementing security tooling (such as SAST, SCA, or container scanning) and integrating it into CI/CD pipelines
You have strong knowledge of modern security standards and frameworks (e.g., OWASP Top 10, OWASP ASVS) and secure design principles
You have experience with threat modeling and identifying risks in complex systems
You are familiar with cloud-native environments and security practices in AWS and/or Kubernetes
You understand authentication and authorization concepts (e.g., IAM, OAuth 2.0, OIDC)
You are comfortable working cross-functionally, influencing engineering teams, and driving adoption of security best practices
You take ownership, are pragmatic in your approach to security, and balance risk with business needs
You have strong English communication skills and enjoy working in a global environment
Why you should join SumUp**🌍 Global Experience: Collaborate with a diverse team of 3,000+ people from over 90 countries, and join our global off-sites and hackathons.🤝 Collaborative Culture: Join a team that values diversity, innovation, and teamwork, where your ideas and contributions truly matter.📈 Career Growth: Be part of a global team working on large-scale fintech products used by millions of businesses.💙 Great Benefits: Health plans, meal vouchers (VR), Zenklub, Wellhub, life insurance, childcare allowance, and more.📚 Learning & Development: Access an annual budget of R$ 10,000 for education, certifications, and conferences.🌴 Time Off: Enjoy 30 additional days off through our Break4Me program after 3 years at SumUp.💸 Grow with Us: **Participate in our virtual stock program and benefit from SumUp’s success with company shares.
Learn More About SumUp**🇧🇷 [Office tour at São Paulo](https://www.youtube.com/watch?v=8LwAYCUtfXQ)💡 [Ask me anything: Engineering at SumUp](https://www.linkedin.com/posts/sumup\_sumup-summer-company-trip-activity-7246471902838317057--sBs?utm\_source=share&utm\_medium=member\_desktop)🚀 [SumUp’s Innovation Hackathon](https://www.linkedin.com/posts/sumup\_insidesumup-innovation-hackathon-activity-7245403147458752513-0PD7?utm\_source=share&utm\_medium=member\_desktop)🤝 [Get to know our hiring process**](https://www.sumup.com/careers/how-we-hire/)
Ready to Join us?Apply now and help us shape the future of financial solutions for small businesses
Job Application Tip
We recognise that candidates feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.