Senior Security Engineer - Cloud & Platform Security (Devsecops)
Argentina, Brazil, RomaniaPosted 26 days ago
Description
Why should you join dLocal?dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets.
By joining us you will be a part of an amazing global team that makes it all happen. Being a part of dLocal means working with 1000+ teammates from 30+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.
We're not building a traditional security team. We are a lean, forward-thinking
organization that rapidly adopts the latest disruptive innovations to stay ahead of the
curve. We believe the future of defense is smart, efficient, and scaled, and we're
leveraging AI agents and modern platforms to build it (e.g., AI-assisted policy checks,
drift correlation, and AI-driven correlation of posture, CI/CD).
We are looking for a hands-on builder and executor who lives and breathes "secure-by-
default" infrastructure. This isn't just a compliance or audit role; it's a "full-stack"
security engineering position focused on prevention. You'll be an architect, an engineer,
and a key enabler, codifying security into every part of our cloud and CI/CD lifecycle.
In our environment, a small, senior team means massive impact. You won't just write
policies—you'll codify them as automated guardrails, design the hardened platforms our services run on, and build the "paved road" that makes security the easiest and fastest
path for all our engineers. You’ll partner closely with dLocal’s Cloud Platform/SRE teams
to deliver shared guardrails and ‘paved road’ services, not day-to-day platform
operations. This role is focused on prevention and platform engineering.
What You’ll Do:
Engineer Secure-by-Default Foundations: Design, build, and maintain hardened,
multi-account AWS architectures, "golden" AMIs, and secure-by-default
container/Kubernetes (EKS) base images. Automate Security via IaC: Be the expert in "Policy-as-Code." Publish and maintain
Infrastructure controls, golden Terraform modules, Helm charts, and admission
policies. You will measure adoption, drift detection, and exception aging while
preventing misconfigurations before they're deployed. Own the Platform & Edge Defense: Configure and manage runtime security for
Kubernetes (e.g., admission controllers, least-privilege policies) and own the safe-
change processes for our layered edge defenses (WAF/CDN/anti-Bot), including pre-
prod testing, blast-radius limits, rollback patterns, and change metrics. Generate High-Fidelity Signals: Integrate posture signals (CSPM, KSPM, CI/CD,
WAF) into centralized dashboards and our SIEM/SOAR with clear routing and
ownership, partnering with D&R to ensure signals are high-fidelity and actionable. Enable & Mentor: Lead threat modeling exercises and partner with Platform, SRE,
and Product teams to translate risks into actionable backlogs. You'll be mentoring
others on prevention-first design. Support Incident Response: Define platform incident playbooks for
misconfiguration and drift containment. You will act as the senior subject-matter
expert for cloud/platform incidents, providing deep technical expertise to the IR
team.
What You Bring:
A "Builder" Mindset: 4-8+ years of hands-on experience in Cloud Security, Platform
Security, or DevSecOps. You have a passion for building preventative solutions from
the ground up. Deep Cloud-Native Expertise: Advanced AWS security architecture (multi-account,
IAM boundaries, org SCPs) and expert-level, hands-on knowledge of building and
securing production environments. Mastery of Modern Stacks: Deep, practical experience with production EKS
baseline hardening (admission control, least privilege, runtime controls). You arefluent in IaC (Terraform, Pulumi, or Ansible) and have strong scripting/automation
skills (Python, Go, etc.). Application & Edge Security: Hands-on experience configuring and tuning modern
WAFs, CDNs, and edge security platforms (e.g., Cloudflare, Akamai, AWS WAF). A Pragmatic Risk-Based Approach: You can translate risks from threat models and
compliance frameworks (CIS, NIST, OWASP, PCI) into actionable, prioritized
engineering work—not just checkbox-ticking. A Force-Multiplier: You have a leadership attitude to influence and mentor
engineers, document complex systems clearly, and influence other teams to adopt
security-first practices.
Nice to Have:
Experience with modern posture management tools (CSPM/KSPM/DSPM). Experience with common, large-scale edge security stacks (e.g., Cloudflare, Akamai,
AWS WAF). Multi-cloud experience (GCP, Azure) in addition to AWS. Certifications like CKA/CKS, AWS Security Specialty, or OSCP are valued but not
required.
How You’ll Work
You will work through Cloud Platform/SRE teams to roll out guardrails as shared
services and "paved roads."
You'll coordinate with the Application Security team for threat modeling and with
the Detection & Response (D&R) team for signal fidelity and automated containment
handoffs
Why You'll Love It Here: This is a high-impact, high-ownership role. You'll join a small, senior team where
everyone contributes end-to-end. We're building a modern, intelligent, and automated
defense program from the ground up. If you're tired of legacy tools and "bolt-on"
security, and you want to build the future of proactive, automated cyber defense from the
code up, let's talk.
What do we offer?
Besides the tailored benefits we have for each country, dLocal will help you thrive and go that extra mile by offering you:- Flexibility: we have flexible schedules and we are driven by performance.- Fintech industry: work in a dynamic and ever-evolving environment, with plenty to build and boost your creativity.- Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded.- Learning & development: get access to a Premium Coursera subscription.- Language classes: we provide free English, Spanish, or Portuguese classes.- Social budget: you'll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections!- dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We’ve got your back!
Flexibility in how you work: We focus on impact and productivity over fixed hours. This means our teams have flexible schedules and, depending on your role and location, you will combine self‑managed focus time with moments of in‑person connection in our collaboration hubs.
What happens after you apply?Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process!
Also, you can check out our webpage, Linkedin and Youtube for more about dLocal!
By joining us you will be a part of an amazing global team that makes it all happen. Being a part of dLocal means working with 1000+ teammates from 30+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.
Why should you join dLocal?
dLocal enables the biggest companies in the world to collect payments in 40 countries in
emerging markets. Global brands rely on us to increase conversion rates and simplify
payment expansion effortlessly. As both a payments processor and a merchant of record
where we operate, we make it possible for our merchants to make inroads into the
world’s fastest-growing, emerging markets.
By joining us you will be a part of an amazing global team that makes it all happen, in a
flexible, remote-first dynamic culture with travel, health and learning benefits, among
others. Being a part of dLocal means working with around 1500 teammates from 30+
different nationalities and developing an international career that impacts millions of
people’s daily lives. We are builders, we never run from a challenge, we are customer-
centric, and if this sounds like you, we know you will thrive in our team.
We're not building a traditional security team. We are a lean, forward-thinking
organization that rapidly adopts the latest disruptive innovations to stay ahead of the
curve. We believe the future of defense is smart, efficient, and scaled, and we're
leveraging AI agents and modern platforms to build it (e.g., AI-assisted policy checks,
drift correlation, and AI-driven correlation of posture, CI/CD).
We are looking for a hands-on builder and executor who lives and breathes "secure-by-
default" infrastructure. This isn't just a compliance or audit role; it's a "full-stack"
security engineering position focused on prevention. You'll be an architect, an engineer,
and a key enabler, codifying security into every part of our cloud and CI/CD lifecycle.
In our environment, a small, senior team means massive impact. You won't just write
policies—you'll codify them as automated guardrails, design the hardened platforms our services run on, and build the "paved road" that makes security the easiest and fastest
path for all our engineers. You’ll partner closely with dLocal’s Cloud Platform/SRE teams
to deliver shared guardrails and ‘paved road’ services, not day-to-day platform
operations. This role is focused on prevention and platform engineering.
What You’ll Do:
multi-account AWS architectures, "golden" AMIs, and secure-by-default
container/Kubernetes (EKS) base images.
Infrastructure controls, golden Terraform modules, Helm charts, and admission
policies. You will measure adoption, drift detection, and exception aging while
preventing misconfigurations before they're deployed.
Kubernetes (e.g., admission controllers, least-privilege policies) and own the safe-
change processes for our layered edge defenses (WAF/CDN/anti-Bot), including pre-
prod testing, blast-radius limits, rollback patterns, and change metrics.
WAF) into centralized dashboards and our SIEM/SOAR with clear routing and
ownership, partnering with D&R to ensure signals are high-fidelity and actionable.
and Product teams to translate risks into actionable backlogs. You'll be mentoring
others on prevention-first design.
misconfiguration and drift containment. You will act as the senior subject-matter
expert for cloud/platform incidents, providing deep technical expertise to the IR
team.
What You Bring:
Security, or DevSecOps. You have a passion for building preventative solutions from
the ground up.
IAM boundaries, org SCPs) and expert-level, hands-on knowledge of building and
securing production environments.
baseline hardening (admission control, least privilege, runtime controls). You arefluent in IaC (Terraform, Pulumi, or Ansible) and have strong scripting/automation
skills (Python, Go, etc.).
WAFs, CDNs, and edge security platforms (e.g., Cloudflare, Akamai, AWS WAF).
compliance frameworks (CIS, NIST, OWASP, PCI) into actionable, prioritized
engineering work—not just checkbox-ticking.
engineers, document complex systems clearly, and influence other teams to adopt
security-first practices.
Nice to Have:
AWS WAF).
required.
How You’ll Work
services and "paved roads."
the Detection & Response (D&R) team for signal fidelity and automated containment
handoffs
Why You'll Love It Here: This is a high-impact, high-ownership role. You'll join a small, senior team where
everyone contributes end-to-end. We're building a modern, intelligent, and automated
defense program from the ground up. If you're tired of legacy tools and "bolt-on"
security, and you want to build the future of proactive, automated cyber defense from the
code up, let's talk.
What do we offer?
Besides the tailored benefits we have for each country, dLocal will help you thrive and go that extra mile by offering you:- Flexibility: we have flexible schedules and we are driven by performance.- Fintech industry: work in a dynamic and ever-evolving environment, with plenty to build and boost your creativity.- Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded.- Learning & development: get access to a Premium Coursera subscription.- Language classes: we provide free English, Spanish, or Portuguese classes.- Social budget: you'll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections!- dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We’ve got your back!
Flexibility in how you work: We focus on impact and productivity over fixed hours. This means our teams have flexible schedules and, depending on your role and location, you will combine self‑managed focus time with moments of in‑person connection in our collaboration hubs.
What happens after you apply?Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process!
Also, you can check out our webpage, Linkedin and Youtube for more about dLocal!
About dLocal
Founded
2016 (over 10 years ago)
People
501-1000 employees
Industry
Financial Services
Type
Public Company
Locations
Links