Software Security Analyst

São Paulo · Legal & Compliance

At SumUp, we are driven to empower small businesses across the globe by de-hassling their lives and helping them to succeed. Our vision as a global FinTech company is to build the first-ever global card acceptance brand, and we are well on our way as small businesses in over 31 countries around the world rely on SumUp to get paid. To get there, we are putting together an awesome team that is committed to one another and to our merchants. You could be our missing link! Help us bring card acceptance to the masses!

We are looking for a detail-oriented, self-motivated, and highly communicative Software Security Analyst. You will play a key role in advancing software and system security at SumUp by collaborating with our engineering and product teams and strengthening the security mindset and culture. In this role you will work in an international team ensuring that SumUp’s services are secure from external abuse and our users’ data is appropriately protected. You will integrate and maintain processes and tools to identify security vulnerabilities and will provide security guidance to our E&P teams.

We work on a number of different domains that span technologies, systems, and processes. A few of the technologies we use on the SumUp platform include Ruby, Java, Node, Erlang, Go, Kafka, Kubernetes, and Docker.

In this position you will:

  • Educate, train and collaborate with our Engineering & Product teams

  • Conduct security reviews of software and architecture, be the point of contact for software security-related concerns, assist engineers with solutions and provide understanding

  • Integrate and maintain automated security testing tools in the SDLC (e.g. threat modelling, SAST, DAST, fuzzing)

  • Ensure and manage continuous security assessments like penetration testing, vulnerability scanning, bug bounty

  • Establish and maintain a vulnerability management program that covers all pieces of software, including third-party dependencies, frameworks, etc.

Your profile

  • You have solid experience working as a software security engineer/analyst

  • Deep and broad understanding of security vulnerabilities, attacks, and techniques to identify and mitigate them

  • Detailed understanding of authentication protocols, encryption, operating systems, containers, and network protocols

  • Having strong penetration testing skills will be considered a plus

  • Experience with modern development practices (CI/CD), microservices architecture and RESTful APIs

  • Experienced in software development (any language)

  • You are self-motivated, proactive and a good communicator

  • You are fluent in English - you'll be part of a truly global company!

Why SumUp?

  • The opportunity to join one of the fastest-growing companies and have an impact, irrespective of your job description.

  • Be a part of the mission to empower small merchants all over the world.

  • A dedicated annual budget for attending conferences and advancing your career through further education.

  • A startup work environment that is passionate, collaborative and results-oriented.

  • Our office has a strong sense of community: we get together regularly for breakfasts, brunches, soccer, yoga lessons, cocktail nights and office parties.

  • Our team comes from 50 different countries building a fun, international environment.

SumUp is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. SumUp does not make hiring or employment decisions on the basis of race, color, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age or any other basis protected by applicable laws or prohibited by Company policy. SumUp also strives for a healthy and safe workplace and strictly prohibits harassment of any kind.