Grupo QuintoAndar | Senior Security Engineer (Vulnerability Management)

About Grupo QuintoAndar We are Grupo QuintoAndar, the largest real estate ecosystem in Latin America. Guided by a shared purpose of helping people love where they live, we have a diversified portfolio of brands and solutions across different countries in Latin America, covering all phases of the housing journey. We also have a Technology Hub in Portugal.

We develop technology and innovation to transform and enhance the overall living experience. 1 billion and continues to grow year over year. Here, you will work with top professionals in the market, in an environment that breathes innovation, collaboration, and high performance. com/pt/ .

Location & Remote Work Our technology team operates under a "remote-first" model, which means we work from home and can live anywhere in Brazil. We also offer the option of working from our São Paulo offices or partner coworking spaces, up to twice a week.

Hiring Process Stages The stages of our hiring processes aim to assess your experiences and allow you to meet our teams and explore career opportunities. They are structured as follows.

Tech screening Tech interview 1 Tech interview 2 People Interview Hiring Comittee Offer About the Team We are looking for a Senior Security Engineer to technically lead our Vulnerability Management strategy and the adoption of the CTEM (Continuous Threat Exposure Management) framework.

This position operates at a strategic and systemic level, influencing multiple teams and technical domains, ensuring that risk identification and remediation are integrated into security engineering and operations workflows.

Responsibilities Implementation of the CTEM Program: Lead the continuous threat exposure cycle, focusing on full visibility of the attack surface and prioritization based on real risk. This includes managing Bug Bounty programs, Vulnerability Management, and AppSec findings.

Synergy with AppSec / Cyber Security / Business Units: Work in close collaboration with Application Security (AppSec) professionals to ensure that infrastructure, cloud, and code vulnerabilities are handled holistically within the Secure Development Lifecycle (SDLC) .

Articulation and Teamwork: This is a shared responsibility, requiring high-level teamwork skills and fine-tuning with multiple stakeholders (Product Managers, Tech Leads, and DevOps) to balance security with agility. Assessment and Planning: Critically evaluate findings, present risks clearly to non-technical areas, and plan remediation schedules with Engineering teams.

Act as a technical reference for complex decisions, such as critical vulnerabilities and zero-days , risk exceptions, formal acceptance, and trade-offs between speed, cost, and security. Remediation Orchestration: Define mitigation strategies that do not just fix the immediate problem, but instead elevate the systemic resilience of the platform.

Behavioral and Technical Profile: Extreme Collaboration: Ability to share responsibilities and build joint solutions with AppSec, Engineering, and Business teams, avoiding silos and ensuring a 360º view of risk. Strategic Communication: Ability to navigate between deep technical discussions with engineers and executive presentations for strategic, tactical, and operational stakeholders.

Important Our hiring process starts with the application! If you truly want to be part of our team, please complete this step of the process. We analyze all candidates individually and provide feedback to all applicants. br to ensure our emails are not sent to spam.

Benefits Competitive salary Profit sharing Meal allowance Health insurance Dental plan Life insurance Childcare subsidy and Atypical Parenthood subsidy Wellhub Home office allowance Employee assistance program (mental health, social, legal, and financial support) Extended parental leave Day off on birthday, Mother’s Day, and Father’s Day Benefits Club (discounts on everyday services) Discounts at educational institutions Reading kit for children – PlayKids Diversity & Inclusion at Grupo QuintoAndar We value diversity and want everyone to feel welcome here, regardless of their age, gender identity, sexual orientation, race, color, ethnicity, origin, disability, religion, or any other characteristic.

All our job openings are open to all individuals! You'll notice there are some diversity questions in the application form. For affirmative action roles, this information may be used to verify your alignment with the target audience for the opportunity. In such cases, it may be used for elimination purposes.

For non-affirmative action roles, this data will be used anonymously, exclusively to monitor and improve our inclusion practices in the hiring process, and will have no impact on your application.

Privacy and Data Protection The Grupo QuintoAndar operates in compliance with privacy and data protection laws, including, but not limited to, the Brazilian General Personal Data Protection Law (LGPD) (Law No. 13,709/2018), and ensures the security of your data. To learn more, please access our Privacy Notice for Candidates .

For questions or to exercise your rights as a data subject, please contact us through our Service Channel .