dLocal

Senior Security Engineer – Cloud & Platform Security, Devsecops

dLocal

full-time

Posted on:

Location Type: Remote

Location: Spain

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

AnsibleAWSCloudGoKubernetesPythonTerraform

About the role

  • Engineer Secure-by-Default Foundations: Design, build, and maintain hardened, multi-account AWS architectures, "golden" AMIs, and secure-by-default container/Kubernetes (EKS) base images.
  • Automate Security via IaC: Be the expert in "Policy-as-Code." Publish and maintain Infrastructure controls, golden Terraform modules, Helm charts, and admission policies. You will measure adoption, drift detection, and exception aging while preventing misconfigurations before they're deployed.
  • Own the Platform & Edge Defense: Configure and manage runtime security for Kubernetes (e.g., admission controllers, least-privilege policies) and own the safe-change processes for our layered edge defenses (WAF/CDN/anti-Bot), including pre-prod testing, blast-radius limits, rollback patterns, and change metrics.
  • Generate High-Fidelity Signals: Integrate posture signals (CSPM, KSPM, CI/CD, WAF) into centralized dashboards and our SIEM/SOAR with clear routing and ownership, partnering with D&R to ensure signals are high-fidelity and actionable.
  • Enable & Mentor: Lead threat modeling exercises and partner with Platform, SRE, and Product teams to translate risks into actionable backlogs. You'll be mentoring others on prevention-first design.
  • Support Incident Response: Define platform incident playbooks for misconfiguration and drift containment. You will act as the senior subject-matter expert for cloud/platform incidents, providing deep technical expertise to the IR team.

Requirements

  • A "Builder" Mindset: 4-8+ years of hands-on experience in Cloud Security, Platform Security, or DevSecOps. You have a passion for building preventative solutions from the ground up.
  • Deep Cloud-Native Expertise: Advanced AWS security architecture (multi-account, IAM boundaries, org SCPs) and expert-level, hands-on knowledge of building and securing production environments.
  • Mastery of Modern Stacks: Deep, practical experience with production EKS baseline hardening (admission control, least privilege, runtime controls). You are fluent in IaC (Terraform, Pulumi, or Ansible) and have strong scripting/automation skills (Python, Go, etc.).
  • Application & Edge Security: Hands-on experience configuring and tuning modern WAFs, CDNs, and edge security platforms (e.g., Cloudflare, Akamai, AWS WAF).
  • A Pragmatic Risk-Based Approach: You can translate risks from threat models and compliance frameworks (CIS, NIST, OWASP, PCI) into actionable, prioritized engineering work—not just checkbox-ticking.
  • A Force-Multiplier: You have a leadership attitude to influence and mentor engineers, document complex systems clearly, and influence other teams to adopt security-first practices.
Benefits
  • Flexibility: we have flexible schedules and we are driven by performance.
  • Fintech industry: work in a dynamic and ever-evolving environment, with plenty to build and boost your creativity.
  • Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded.
  • Learning & development: get access to a Premium Coursera subscription.
  • Language classes: we provide free English, Spanish, or Portuguese classes.
  • Social budget: you'll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections!
  • dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We’ve got your back!
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
AWSKubernetesTerraformHelmPythonGoIaCWAFCDNCloud Security
Soft Skills
leadershipmentoringcommunicationrisk assessmentproblem-solvingcollaborationinfluencedocumentationpreventative mindsetadaptability
Certifications
CISNISTOWASPPCI