
Sumup · São Paulo
SumUp enables businesses to get paid easily, process orders quickly, sell online instantly and manage their money more efficiently. We create the tools business...
SumUp enables businesses to get paid easily, process orders quickly, sell online instantly and manage their money more
efficiently. We create the tools businesses need to make their business and their customer experience thrive!
As a Senior Security Engineer for our tribe, you will be responsible for embedding and scaling robust security practices
throughout the product development lifecycle at SumUp. You will work closely with engineering teams to ensure security is
integrated into our architecture, development processes, and delivery pipelines, helping us build secure and compliant financial
products at scale.
What You’ll Do
processes and decisions
pipelines, ensuring efficiency and low friction
development practices (e.g., SCA tools, commit signing, SLSA)
secure design decisions
management, and runtime protection
engagement models with engineering teams.
CI/CD pipelines
principles
Why you should join SumUp
🌍 Global Experience: Collaborate with a diverse team of 3,000+ people from over 90 countries, and join our global off-sites and
hackathons.
🤝 Collaborative Culture: Join a team that values diversity, innovation, and teamwork, where your ideas and contributions truly
matter.
📈 Career Growth: Be part of a global team working on large-scale fintech products used by millions of businesses.
💙 Great Benefits: Health plans, meal vouchers (VR), Zenklub, Wellhub, life insurance, childcare allowance, and more.
📚 Learning & Development: Access an annual budget of R$ 10,000 for education, certifications, and conferences.
🌴 Time Off: Enjoy 30 additional days off through our Break4Me program after 3 years at SumUp.
💸 Grow with Us: Participate in our virtual stock program and benefit from SumUp’s success with company shares.
Learn More About SumUp
🇧🇷 Office tour at São Paulo
💡 Ask me anything: Engineering at SumUp
🚀 SumUp’s Innovation Hackathon
🤝 Get to know our hiring process
Ready to Join us?
Apply now and help us shape the future of financial solutions for small businesses
Job Application Tip
We recognise that candidates feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is
only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.
Senior CRM Analyst About the team SumUp enables businesses to get paid easily, process orders quickly, sell online instantly and manage their money more efficiently. We create the tools businesses need to make their business and their customer experience thrive! The Brazil CRM team manages communication throughout the entire user lifecycle, shaping how millions of merchants experience SumUp, from onboarding to retention initiatives. This is a team that works at the intersection of technical execution, strategy, and creativity, and the work directly influences product growth and user engagement. We're looking for a Senior CRM Analyst to join and take real ownership of high-impact matters, developing transactional and commercial campaigns, to meaningfully contribute to the BR market's growth trajectory. What you'll do * Design and build multi-channel campaigns and lifecycle journeys across acquisition, activation, engagement, and pre-churn stages * Lead communication strategy and end-to-end campaign execution (segmentation, automation, copywriting, briefing creatives, platform operation) * Run medium to high-complexity analyses to report on projects performed and suggest new actions to impact key business KPIs * Collaborate closely with stakeholders from different teams, such as Product, Operations and Growth, in cross-functional projects You'll be great for this role if… * Strong experience working in CRM roles, with a track record of managing multi-channel campaigns end-to-end * Advanced proficiency in data analysis and reporting * Hands-on experience with CRM platforms such as Iterable, Salesforce Marketing Cloud, Braze, or similar tools * Comfort managing multiple stakeholders and projects simultaneously, with a proactive and self-driven approach to finding information and solving problems * Intermediate to advanced English communication skills, both written and verbal * Available to work in a hybrid setup from our São Paulo office Why you should join SumUp 🌎 Work on a product used by millions of small businesses across 37 markets, from our São Paulo office 🌈 Be part of an inclusive and collaborative environment where different perspectives are valued 🏖️ 30 days of paid annual leave 🩺 Health and dental insurance (SulAmerica and Careplus) 🍽️ Meal and food vouchers (Pluxee) 🚗 Transportation vouchers 👶 Extended parental leave 💪 Gympass / Wellhub access 🤝 Employee referral programme with additional rewards 🎓 Access to learning and development opportunities across SumUp globally About SumUp Be empowered to do more that matters. At SumUp, we're on a mission to empower small businesses across the globe by providing simple and affordable tools that allow them to thrive. Today, over 4 million businesses in 37 markets rely on SumUp as their financial partner to manage payments, finance and customer relationships. Our commitment to small businesses is reflected in our diverse teamOpens in new window of over 3,000 SumUppers from over 90 nationalities, united by global collaboration and an innovative mindset. Our core values lay the foundation for who we are and what we stand for, shaping our work culture and driving our success. We foster inclusivity and a continuous learning culture, providing a safe space for personal and professional growth. Our differences make us unique and strong as we strive to create an environment where everyone belongs and feels supported, no matter how they identify. SumUp is proud to be an Equal Employment Opportunity employer, actively seeking and embracing diversity in our workforce. We don't make hiring or employment decisions based on race, colour, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age or any other basis protected by applicable laws or prohibited by company policy. Our commitment extends beyond recruitment to creating a safe and respectful workplace where harassment of any form is strictly prohibited. Discover more about our culture and opportunities on our careers website, and follow our journey on LinkedInOpens in new window, InstagramOpens in new window, and TikTokOpens in new window. Job Application Tip We recognise that candidates feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp. Job Application Tip We recognise that candidates feel they need to meet 100% of the job criteria in order to apply for a job. Please note that this is only a guide. If you don’t tick every box, it’s ok too because it means you have room to learn and develop your career at SumUp.
Applications deadline: We are conducting interviews actively and aim to fill this role as soon as we find someone suitable. THE OPPORTUNITY We're looking for a senior Security Engineer to own security at Apollo Research from end to end. You'll be the first dedicated security hire at Apollo. Security at Apollo exists to maintain the trust of our frontier AI lab partners and enable our research mission. This role sits within the engineering team and reports directly to the CEO. YOU HAVE THE OPPORTUNITY TO - Build and own Apollo's security programme. Own the security roadmap, conduct risk assessments, and evolve the programme as the org grows. You decide what Apollo's security posture needs to look like given our size, threat model, and partner relationships. - Maintain the trust of our frontier AI lab partners. Become the primary security point of contact for partner security teams. Build relationships with partner CISOs, produce and maintain technical documentation on Apollo's security practices, and demonstrate that our security posture meets the bar required for our ongoing partnerships. - Set security direction for engineering. Define security principles and AppSec strategy which the engineering team implements. Build paved roads that make the secure path easy for engineers. - Define how Apollo uses AI tools, agents, and integrations. Decide what's approved, what data can go where, and how new tools get vetted. This is a live and evolving challenge, and you'll need to balance security with the fact that researchers need to use cutting-edge tools to do their jobs. - Own the security tooling stack and automate security operations. Select, implement, and manage security controls including EDR/MDR, endpoint management, email protection, and identity management. Automate wherever possible: zero-touch deployments, IaC for security tooling, automated provisioning and deprovisioning. - Drive compliance and certification. Lead certification efforts (ISO 27001, SOC 2) as needed to meet partner requirements. Automate where needed and treat compliance as a byproduct of good security practice. - Own IT administration across the organisation. Manage Google Workspace, define access policies, and build secure onboarding and offboarding processes. WHAT WE'RE LOOKING FOR - Engineering mindset. You treat security operations and GRC as engineering problems. You reach for automation and systems solutions over manual processes. - Pragmatism. You understand that security exists to enable Apollo's mission and maintain partner trust, and you tailor your advice to our risk profile. - Leadership. You are capable of building out our security programme from scratch. - Hands-on. In addition to leading the security programme, you are willing and able to drive implementation yourself. - Speed. You make good-enough decisions quickly and execute fast once a decision is made. - Adaptability to new developments. You have a strong base of knowledge that enables you to make decisions under uncertainty as AI tooling and the threat landscape evolve. - Stakeholder credibility. Non-security people trust you internally, and you can credibly represent Apollo to lab partner security teams externally.
About us: Causaly is redefining how humans acquire knowledge and develop insights in biomedicine. Our AI-powered platform enables researchers and decision-makers to discover and interpret evidence from millions of scientific publications, clinical trials, regulatory documents, and other complex data sources in minutes. We are building the world’s most advanced biomedical knowledge platform, powered by a high-precision Knowledge Graph and GenAI capabilities. Our technology is already used by leading biopharmaceutical organizations to accelerate drug discovery, improve safety, and drive better decision-making. Backed by top-tier investors including ICONIQ, Index Ventures, Pentech, and Marathon, we are scaling rapidly and expanding our product suite and market presence. About the Role We are looking for a Senior or Staff Security Engineer to join our security team and own our vulnerability management program, collaborate with several Engineering and Product teams as a Security advisor and support SecOps. You will operate with a high degree of autonomy — defining strategy, building processes, and acting as a trusted security advisor to our engineering organisation. What You'll Do * Own the vulnerability management program end-to-end: strategy, tooling, prioritisation, and remediation tracking across dependencies, containers, and cloud environments. * Define and maintain a dependency security strategy, including policies for third-party library adoption and update cadence. * Integrate and maintain security tooling in CI/CD pipelines (SAST, SCA, secrets detection, container scanning). * Act as a security consultant to product and engineering squads — supporting design reviews, architecture decisions, and secure coding practices. * Define and maintain security standards and guidelines practical for development teams. * Manage and continuously improve the Security Champions program — growing security awareness and capability across engineering teams. * Support SecOps in incident triage and response, contributing security engineering context where needed. Requirements * Strong knowledge of cloud security — IAM, network security, secure configuration best practices. * Hands-on experience with security tooling in CI/CD pipelines (SAST, SCA, secrets scanning, container scanning). * Proven experience in a vulnerability management role, through the entire lifecycle. * Passionate and knowledgeable about using LLMs for building robust security practices, including triage, secure code review, threat analysis and tooling * In-depth knowledge of secure coding practices in Node.js, TypeScript, Python, and/or React. * Familiarity with security frameworks and standards (e.g. OWASP, NIST, CIS Benchmarks). * Strong communication skills, with the ability to translate risk for both technical and non-technical audiences. Nice to Have * Experience with Semgrep for static analysis and custom rule authoring. * Experience with Wiz for cloud security posture management. * Experience running or contributing to a Security Champions program. * Experience with threat modelling (e.g. STRIDE). * Familiarity with SOC 2 and ISO 27001. * Relevant certifications are considered a plus (e.g. CISSP, IaaS specific certifications, etc..). Benefits UK: 💰 Competitive compensation package 🩺 Private medical insurance 🦷 Private dental insurance 📔 Life insurance (4 x salary) 🤓 Personal development budget 🧘 Individual wellbeing budget 🌴 25 days holiday plus bank holidays 🥳 Your birthday off! 🚀 Potential to have real impact and accelerated career growth as a member of an international team that's building a transformative AI product. We are on a mission to accelerate scientific breakthroughs for ALL humankind, and we are proud to be an equal opportunity employer. We welcome applications from all backgrounds and fairly consider qualified candidates without regard to race, ethnic or national origin, gender, gender identity or expression, sexual orientation, disability, neurodiversity, genetics, age, religion or belief, marital/civil partnership status, domestic / family status, veteran status or any other difference.