Quick Summary
Our Way of Being and Doing
The Appmax team is made up of hands-on individuals who prioritize grit and collaboration. We strive daily to empower digital entrepreneurs to sell more efficiently and easily. Inspired by our clients, we are dedicated to serving them and providing tools that boost and maximize their results. If you are ready to join this journey, apply and become part of our team!
The Challenge
At Appmax, security is a core value, not just a department. Our advanced technological maturity has led to the creation of a dedicated Cybersecurity vertical. Previously, our security infrastructure was expertly managed by the SRE team. Your key challenge will be to lead the strategic evolution of this security framework, reporting to technical management while maintaining close alignment with our existing infrastructure.
You will serve as the architect for our next strategic phase, ensuring that financial sector innovation is underpinned by state-of-the-art security. This role demands total synergy with compliance standards (Bacen, PCI) and robust operational resilience.
What You Will Do (Responsibilities)
- Technical Leadership & Strategy: Consolidate Appmax's security vision, defining short, medium, and long-term roadmaps, implementing cutting-edge tools, and establishing governance standards.
- High-Performance DevSecOps: Enhance the integration of security controls throughout the development lifecycle and within CI/CD pipelines.
- Security Engineering: Architect advanced automations, conduct critical code reviews, and administer highly complex AWS environments.
- Vulnerability Management & OffSec: Coordinate Red Teaming/Pentest cycles and manage strategic remediation efforts with engineering teams.
- Governance & Compliance: Ensure our Cloud Native architectures maintain compliance with Bacen (Res. 4893/4945), PCI-DSS, and LGPD standards.
- Incident Response & Forensics: Lead the incident response committee, conducting in-depth analyses and disseminating technical learnings.
- Advocacy & Mentorship: Strengthen our "Security First" culture, serving as a technical expert for developers and SREs.
What We Are Looking For (Requirements)
- Experience in Regulated Environments: Solid professional experience within the financial sector (Fintechs/Banks), specifically dealing with Bacen and RSFN regulations.
- Cloud Proficiency (AWS): Expert command of multi-account AWS environments, including IAM, EKS (Kubernetes), and Infrastructure as Code (Terraform).
- Technical Skill in AppSec: Deep knowledge of OWASP Top 10, experience with code review (Go, PHP, or Python), and expertise in security protocols (OAuth2, JWT, TLS).
- Defensive Vision: Practical experience with WAF, EDR/MDR solutions, and centralized log management (SIEM/Observability).
- Hybrid Leadership & Assertive Communication: Ability to move effectively between strategic discussions with stakeholders and hands-on command-line operations.
Appmax Benefits
- All necessary equipment and resources for in-person, hybrid, or remote work models.
- Cost-of-living allowance to cover expenses for hybrid or remote employees.
- Flexfood benefit, offering a choice between meal or grocery vouchers.
- Comprehensive Health and Dental Plan.
- Wellhub access.
- Avus benefits.
- Starbem services.
- Pharmacy agreement.
- Transportation voucher.
- Life insurance.
- Guapeco Pet Plan.
- Upmaxter program for educational support.
- An environment that fosters development and high performance through monthly performance checkpoints, 1:1 practices, continuous feedback, PDI monitoring, and more.

