About the Company:

At Playlist, life's richest moments happen when people step away from screens to move, connect, explore, and play. We're building the definitive platform for intentional living, connecting people with inspiring experiences in fitness, wellness, and beyond. With popular brands like Mindbody and ClassPass, Playlist empowers businesses and individuals, making it effortless for aspirations to become actions. Join us in reshaping technology's role to foster meaningful, real-world connections.

Employment Type (Brazil): This position is offered as a CLT (Consolidação das Leis do Trabalho) employee role. Candidates must be comfortable being hired under a CLT employment arrangement.

Who we are

We are a dedicated team of product security engineers committed to developing and supporting ground-breaking software products. Together we will work to safeguard the future, enabling wellness businesses worldwide to empower their customers to lead healthy lives. Driven by a higher purpose, we continuously challenge ourselves and our organization to excel, recognizing the strength that comes from collaborative efforts toward a common objective. We are strong advocates for a diverse workplace, fostering an environment where individuals can bring their authentic selves to contribute to our shared success. At the core of our achievements is a deep belief in the value of our people. If you share our passion and vision, we invite you to consider joining our team. Together, we can explore remarkable feats and make a lasting impact!

Your role

• As a Senior Security Engineer, you will be responsible for contributing to the success of the Product Security team in several key areas. You’ll work to reduce security friction across engineering by fostering partnership and collaboration to enhance our security posture. Security enablement will be a crucial aspect of your responsibilities, spanning devsecops integration, automation, vulnerability identification, and remediation, and hands-on tooling development. You will own the integration and operation of SAST, DAST, SCA, and CNAPP solutions within synchronous and asynchronous pipelines — identifying issues, submitting remediation PRs, and validating fixes through automated retesting. You will also build, maintain, and continuously improve agentic security tooling that scales the team’s capabilities across all phases of the SDLC.
• You’ll play a vital role to ensure software solutions are secure by default. You will facilitate continuous security testing, measurability, and reporting on the impact of security initiatives.
• You’ll pursue continuous improvement to help Playlist achieve its mission: Powering the world’s fitness and wellness businesses and connecting them with more consumers, more effectively, than anyone else.

You will

• Partner with software engineering and platform teams to identify and solve complex security problems.
• Operate, integrate, and continuously tune SAST, DAST, SCA, and CNAPP tooling within pipelines — supporting engineering, triaging findings, driving remediation, and measuring coverage and effectiveness over time.
• Design, build, and maintain agentic security tools — including LLM-assisted workflows for exploitable code identification, vulnerability triage, and remediation guidance — deployed across planning, development, testing, and production phases of the SDLC.
• Identify security gaps and demonstrate strategic recommendations for remediation.
• Address security issues identified throughout the secure software development lifecycle.
• Conduct security testing, beginning with the product planning phase continuing through production deployment.
• Define and integrate security requirements ensuring alignment with industry standards and best practices.
• Ability to work independently, and lead both cyber security and cross functional security initiatives.
• Stay abreast of emerging security threats, vulnerabilities and controls.

About the right team member

You are an intellectually curious senior engineer who is passionate about creating impactful security solutions and who communicates those solutions clearly to both technical and non-technical audiences. You bring deep expertise in devsecops, cloud security, and application security — and you write code to solve security problems, not just identify them. You are fluent in one or more modern languages (Python, .NET, or TypeScript preferred) and comfortable building automation, integrations, and agentic tooling. You have a software engineering background and are eager to apply it to grow the Product Security function while working closely with security champions, engineering teams, and company leadership.

You will thrive in this role with experience

• 4+ year experience across multiple security domains with an emphasis on product security and cloud-native security.
• Possess verifiable software engineering and penetration testing skills.
• 2+ year senior security experience leading and executing product security initiatives (i.e. devsecops, security consulting, and penetration testing).
• Proficiency with modern languages including Python, .NET, or TypeScript, with hands-on experience building security automation, integrations, and agentic tooling.
• Hands-on experience operating and integrating SAST, DAST, SCA, WAF, and CNAPP solutions (e.g., Semgrep, Checkmarx, Snyk, Wiz, or equivalents) within CI/CD pipelines.
• Hands-on experience with design, code review, and securing products and solutions for public cloud-based applications and infrastructure.
• Experience with offensive testing tools like Burp Suite and Kali Linux.
• Experience securing applications deployed using Docker, Kubernetes, and public cloud environments.
• Product Security experience working for a SaaS-based organization or within a consulting firm.
• Excellent leadership skills with a track record of driving security initiatives within software development teams.
• Excellent communication skills (both written and verbal).
• Self-motivated, self-directed, and self-organized.

Have we piqued your curiosity?

Sound like the role for you? We’d love to hear from you! Even if you’re not 100% sure about potential fit, we still encourage you to apply. We’re looking for the right person, not the perfect series of checkboxes.

The Company is an Equal Opportunity Employer. We highly value diversity at our company and encourage people of all different backgrounds, experiences, abilities and perspectives to apply. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected characteristics.

By entering your email and phone number and submitting your application, you consent to receive emails, calls and SMS about your application and other roles at The Company, including by auto-dialer. Message and data rates may apply. Opt-out or text STOP to cancel at any time. If you are a California resident or reside outside the United States then by submitting your application you confirm that you have read, understood, agree and - where applicable - grant your prior, free, informed and express consent for the processing of your personal information, including sensitive personal information, as described in our California Applicant Privacy Notice or International Applicant Privacy Notice (as applicable).

Note: This description outlines key responsibilities but isn’t intended to cover every task or duty. Additional responsibilities may be assigned as needed to support the team and business goals.