Security Architect

São Paulo
In the street, at work, by Taxi or Pop, as a driver or passenger, we are the starting point for thousands of people every day and we also want to be part of their professional path. 99's mission is to revolutionize urban mobility and transform the life of people. We are a Brazilian startup founded in 2012 and five years later became the first Brazilian unicorn (startups that are valued at one billion dollars). Now, 99 is part of Didi Chuxing, the world's largest application-driven transport platform.

Diversity goes beyond ethnic, physical, sexual, sensory and gender differences! Our goal is to cultivate an inclusive environment by focusing on high performance and valuing diversity in our work environment. We respect and value the differences!
Come and be part of a diverse environment where your ideas and opinions will always be heard. Inclusion and diversity are in our recruitment principles! 

This position is open to application for people with disabilities (PCD)

About the job: Assists in the development and maintenance of an Information Security Strategy Roadmap for all Security Technology domains and provide input on the strategic direction of the architecture team.

Designs, develops, engineers, and implements solutions to IT Security requirements.

Acts as a technical consultant for the enterprise, ensuring security design for systems align with business needs, architecture and technical standards.

Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.

Ensures that information security controls meet the requirements of all regulatory and/or contractual requirements.

Serves as an active member of incident response teams and participates in security incident response efforts by having an in-depth knowledge of common security exploits, vulnerabilities and countermeasures.

Upgrades security systems by monitoring security environment; identifies security gaps; evaluates and implements enhancements. Prepares system security reports by collecting, analyzing, and summarizing data and trends.
Updates job knowledge by tracking and understanding emerging security practices and standards; participates in educational - awareness program; participates in professional organizations.

Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; explores opportunities to add value to job accomplishments.

Communicates complicated technical concepts effectively to a broad group of stakeholders. Establishes relationships with IT leaders, architects, and technical specialists for the purpose of advancing proposed architectural solutions.


    • Experience in Information Security;
    • Strong experience with security strategy, risk mapping and analytcs with a passion to make security realistic, achievable and business enablement vision;
    • Strong experience with cloud provider ecosystems, including Amazon AWS and Microsoft Azure;
    • Experience in Application Security, with deep experience of OWASP ASVS, Secure SDLC processes and Microservices;
    • Experience with a broad range of security technologies, including NextGen Firewalls, Network security concepts, Identity Management, Certificate Management, SIEM, Endpoint Protection, Anti-malware and vulnerability management;
    • Experience designing and implementing encryption solutions such as PKI and encryption at rest technologies.
    • Strong oral, written, and presentation abilities - able to convey risk to all levels of the business;
    • Experience in migrating enterprise companies from traditional data center infrastructure, application and data designs to hybrid or fully-cloud enabled practices.
    • Experience with business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non-technical stakeholders.
    • Some proven ability in security process and organizational design including agile methods; Current understanding of Industry trends and emerging threats.
    • Able to communicate in english.