
Staff DevSecOps at VTEX

Location Information: Brazil

About the role

We’re looking for a Staff Security Engineer - DevSecOps to help us scale platform security — without slowing anyone down. You’ll focus on making AppSec and CloudSec part of how we build - not something bolted on later. This is a hands-on, high-impact role where you’ll design and embed secure-by-default practices across the SDLC and our cloud-native infrastructure, while working closely with Detection Engineering, Red Team, and platform teams.

You’ll be a technical reference for secure architecture, lead and support vulnerability remediation, and drive initiatives that reduce our attack surface without blocking innovation. This is not a compliance role — it’s a core engineering function embedded in our platform strategy.

Key Responsibilities

- Design and maintain secure-by-default pipelines, IaC modules, and developer guardrails.
- Lead architectural reviews and threat modeling for platform-critical services.
- Identify and drive remediation of vulnerabilities across code, CI/CD, and cloud.
- Own security posture for core cloud infrastructure (CSPM, least privilege, K8s runtime protection).
- Collaborate with Detection Engineering on threat-informed defense (e.g. logging, alerting, detections).
- Act as AppSec and CloudSec technical lead on cross-functional engineering projects.
- Contribute to tooling strategy for SAST, secrets management, IaC scanning, and CSPM.
- Partner with engineering and DevOps to evolve secure paved roads and templates.
- Guide internal security champions and mentor other engineers across the org.
- Support post-incident forensics and validate fixes through regression testing.

About the team

The VTEX InfoSec team is a dynamic and collaborative group dedicated to ensuring the highest standards of digital security across the platform. The team works closely with various internal departments to proactively identify and address potential security risks, ensuring that both the company's infrastructure and customer data are well protected. The InfoSec team is known for its problem-solving skills, attention to detail, and ability to work cross-functionally, making security a top priority for VTEX and its clients.

Who you are

Must-Have

- Solid background as a software engineer, platform engineer, or SRE.
- Experience building or securing production systems in cloud-native environments (AWS, Kubernetes, Terraform).
- Familiarity with threat modeling, secure architecture, and modern attack surfaces.
- Practical experience with security tooling: SAST, secrets scanning, IaC scanning.
- Able to reason about risk, prioritize what matters, and help teams fix the right things, fast.
- Comfortable navigating codebases, CI/CD pipelines, and infrastructure stacks.
- Strong written and async communication — docs, reviews, design feedback.

Nice to Have

- Experience collaborating with Detection/Blue Team or Red Team.
- Worked on developer platforms, paved roads, or internal tooling.
- Understanding of the software supply chain and related security controls.
- Experience improving SDLC security through automation and integration.

Bonus Points

- Contributions to security or platform open-source tooling.
- Participated in purple teaming, incident retrospectives, or forensics.
- Familiarity with CSPM, runtime cloud security, or cloud IAM hardening.
- You’ve been the security person on an engineering team — or the engineer on a security team.

#LI-Remote

ABOUT VTEX

VTEX (NYSE: VTEX) is the composable and complete commerce platform that delivers more efficiency and less maintenance to organizations seeking to make smarter IT investments and modernize their tech stack. Through our pragmatic composability approach, we empower brands, distributors, and retailers with unparalleled flexibility and comprehensive solutions, enabling them to invest solely in what provides a clear business advantage and boosts profitability. VTEX is trusted by 2,600 global B2C and B2B clients, including Carrefour, Colgate, Motorola, Sony, Stanley Black & Decker, and Whirlpool, having 3,500 active online stores across 43 countries (as of FY ended on December 31, 2023). For more information, visit www.vtex.com.

BENEFITS

- Annual profit-sharing program and equity eligibility.
- Health, dental, and life insurance with national coverage provided by VTEX.
- Annual budget for professional development in Tech.
- Language development incentive program (English, Spanish, Portuguese).
- Flexible meal allowance.
- Extended parental leaves.
- Child-care assistance.
- Flexible work schedule and remote-first culture.
- Financial assistance to build your work-from-home setup.
- Wellness program.
- Free shipping on 1000+ VTEX stores.