Senior Security Engineer
About The Position
Nelo is a leading consumer fintech and e-commerce platform in Mexico, with >$500MM in annualized GMV and >$70MM in annualized revenue. Our mission is to increase the buying power of consumers in Latin America by building a modern alternative to credit cards. We’ve raised over $40M in venture capital from Homebrew, Two Sigma Ventures, and Susa Ventures, and secured a $100M asset credit facility from Victory Park Capital. Our lean team includes leaders from Uber, Amazon, Rappi, and DiDi, with offices in Mexico City and New York City. Security has been built into how we build software from day one, but as we scale we are creating a dedicated security engineering role with broad ownership across application security, infrastructure, and internal controls. This role is built for someone who wants real ownership: You will prioritize where to invest time and resources You will implement controls yourself, not delegate them You will be trusted to balance risk, velocity, and pragmatism You will work closely with leaders including the CEO and CTO This role is in-person in our NYC office (Tribeca).
Requirements
- 5+ years of engineering experience, with a meaningful focus on security
- Strong hands-on experience with cloud security fundamentals
- Comfortable working with Terraform or similar infrastructure-as-code tooling
Nice To Haves
- You’ve taken a company through SOC2, ISO 27001, or similar certification
- You’ve run bug bounty programs or managed pentests directly
- You have strong experience with AWS (eg. GuardDuty, CloudTrail, IAM, security groups)
- You use Claude Code or other agentic coding tools
Responsibilities
- Build Secure-by-Default Systems
- Design and implement security guardrails across cloud infrastructure and developer workflows
- Improve IAM, secrets management, endpoint management and access controls across production systems
- Harden AWS infrastructure using Terraform and policy-as-code
- Increase observability for security-relevant events and anomalies
- Own Security as an Engineering Problem
- Write code, configs, and tooling to enforce security controls
- Reduce reliance on manual reviews through automation
- Make the secure path the easiest path
- Lead External Security Programs
- Own and run penetration tests and bug bounty program
- Triage findings and partner with engineers to fix issues
- Turn findings into systemic improvements
- Manage Certifications and Compliance
- Take Nelo through SOC2 (Type 1 and Type 2)
- Implement automated evidence collection
- Raise the Bar Across the Team
- Set standards by example through high-quality implementations
- Review designs and PRs with a security-first mindset
Benefits
- Competitive compensation and meaningful equity
- 100% medical, dental, and vision coverage (50% for dependents)
- Unlimited PTO and generous parental leave
- 401(k)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
