Grupo QuintoAndar | Senior Security Engineer (Vulnerability Management)

About Grupo QuintoAndar

We are Grupo QuintoAndar, the largest real estate ecosystem in Latin America. Guided by a shared purpose of helping people love where they live, we have a diversified portfolio of brands and solutions across different countries in Latin America, covering all phases of the housing journey. We also have a Technology Hub in Portugal. We develop technology and innovation to transform and enhance the overall living experience.

With the support of a world-class team of investors and advisors, including Kaszek, Qualcomm, General Atlantic, and SoftBank, Grupo QuintoAndar is currently valued at over USD 5.1 billion and continues to grow year over year.

Here, you will work with top professionals in the market, in an environment that breathes innovation, collaboration, and high performance. To learn more about our story, visit: https://grupoquintoandar.com/pt/.

Location & Remote Work

Our technology team operates under a "remote-first" model, which means we work from home and can live anywhere in Brazil. We also offer the option of working from our São Paulo offices or partner coworking spaces, up to twice a week.

Hiring Process Stages

The stages of our hiring processes aim to assess your experiences and allow you to meet our teams and explore career opportunities. They are structured as follows:

• People Interview
• Tech screening 
• Case 
• Tech interview - Case presentation

About the Team

We are seeking a Senior Security Engineer to technically lead our Vulnerability Management strategy, ensuring that the identification, prioritization, mitigation, and orchestration of vulnerabilities are deeply integrated into engineering, operations, and incident response workflows. This role operates at a strategic and systemic level, influencing multiple teams and technical domains, with a direct impact on reducing business risk.

Requirements

• Define and evolve the company’s Vulnerability Management strategy, aligned with risk appetite, business growth, and technical maturity.
• Establish a prioritization model based on real risk, going beyond CVSS by incorporating business and exposure criteria.
• Serve as a technical reference for complex decisions, including critical and zero-day vulnerabilities, risk exceptions and formal acceptance, and trade-offs between speed, cost, and security.
• Develop and maintain executive metrics and dashboards, reporting program indicators on a biweekly basis.
• Critically assess vulnerabilities beyond automated tool outputs, focusing on real impact and risk context.
• Integrate the Vulnerability Management program with Incident Response and Threat Intelligence, ensuring continuous risk visibility and coordinated response.
• Manage the Security Bug Bounty program, acting as the focal point with researchers, validating findings, prioritizing fixes, and ensuring governance of the process.

Problems we need to solve with this role:

• Achieve measurable reduction in exposure to high/critical vulnerabilities.
• Define and report measurable indicators on vulnerability and risk management, translating technical risks into business language.
• Ensure engineering teams (or vulnerability owners) have clarity on priorities and responsibilities, eliminating ambiguities about who fixes, when to fix, and with what level of urgency.
• Integrate Vulnerability Management into the core of security operations, connecting vulnerabilities, incidents, threat intelligence, response, and cyber risks.
• Establish an integrated Vulnerability Management program (covering containers, endpoints, infrastructure, and applications) that is predictable, scalable, and risk-driven.
• Evolve a Vulnerability Management program that is predictable, scalable, and risk-driven, reducing reliance on manual efforts and reactive decision-making.
• Conduct structural process reviews and strengthen organizational awareness of vulnerability management, raising the company’s technical and operational maturity level.

Important

• Our hiring process starts with the application! If you truly want to be part of our team, please complete this step of the process. We analyze all candidates individually and provide feedback to all applicants.

• All communication will be conducted via email, so please stay tuned for our messages and release the domain @quintoandar.com.br to ensure our emails are not sent to spam.

Benefits

• Competitive salary
• Profit sharing
• Meal allowance 
• Health insurance
• Dental plan
• Life insurance
• Childcare subsidy and Atypical Parenthood subsidy
• Wellhub
• Home office allowance
• Employee assistance program (mental health, social, legal, and financial support)
• Extended parental leave
• Day off on birthday, Mother’s Day, and Father’s Day
• Benefits Club (discounts on everyday services)
• Discounts at educational institutions
• Reading kit for children – PlayKids
  
  

Diversity & Inclusion at Grupo QuintoAndar

We value diversity and want everyone to feel welcome here, regardless of their age, gender identity, sexual orientation, race, color, ethnicity, origin, disability, religion, or any other characteristic. All our job openings are open to all individuals!

You'll notice there are some diversity questions in the application form. For affirmative action roles, this information may be used to verify your alignment with the target audience for the opportunity. In such cases, it may be used for elimination purposes. For non-affirmative action roles, this data will be used anonymously, exclusively to monitor and improve our inclusion practices in the hiring process, and will have no impact on your application.

Privacy and Data Protection

The Grupo QuintoAndar operates in compliance with privacy and data protection laws, including, but not limited to, the Brazilian General Personal Data Protection Law (LGPD) (Law No. 13,709/2018), and ensures the security of your data. To learn more, please access our Privacy Notice for Candidates. For questions or to exercise your rights as a data subject, please contact us through our Service Channel.