Senior Security Engineer

Nelo is a leading consumer fintech and e-commerce platform in Mexico, with >$500MM in annualized GMV and >$70MM in annualized revenue. Our mission is to increase the buying power of consumers in Latin America by building a modern alternative to credit cards.

We’ve raised over $40M in venture capital from Homebrew, Two Sigma Ventures, and Susa Ventures, and secured a $100M asset credit facility from Victory Park Capital. Our lean team includes leaders from Uber, Amazon, Rappi, and DiDi, with offices in Mexico City and New York City.

Security has been built into how we build software from day one, but as we scale we are creating a dedicated security engineering role with broad ownership across application security, infrastructure, and internal controls.

This role is built for someone who wants real ownership:

• You will prioritize where to invest time and resources

• You will implement controls yourself, not delegate them

• You will be trusted to balance risk, velocity, and pragmatism

• You will work closely with leaders including the CEO and CTO

This role is in-person in our NYC office (Tribeca).

• Design and implement security guardrails across cloud infrastructure and developer workflows

• Improve IAM, secrets management, endpoint management and access controls across production systems

• Harden AWS infrastructure using Terraform and policy-as-code

• Increase observability for security-relevant events and anomalies

• Write code, configs, and tooling to enforce security controls

• Reduce reliance on manual reviews through automation

• Make the secure path the easiest path

• Own and run penetration tests and bug bounty program

• Triage findings and partner with engineers to fix issues

• Turn findings into systemic improvements

• Take Nelo through SOC2 (Type 1 and Type 2)

• Implement automated evidence collection

• Set standards by example through high-quality implementations

• Review designs and PRs with a security-first mindset

• 5+ years of engineering experience, with a meaningful focus on security

• Strong hands-on experience with cloud security fundamentals

• Comfortable working with Terraform or similar infrastructure-as-code tooling

• You’ve taken a company through SOC2, ISO 27001, or similar certification

• You’ve run bug bounty programs or managed pentests directly

• You have strong experience with AWS (eg. GuardDuty, CloudTrail, IAM, security groups)

• You use Claude Code or other agentic coding tools

• You need a separate team to implement your ideas

• You prefer static environments over fast-moving systems

• Competitive compensation and meaningful equity

• 100% medical, dental, and vision coverage (50% for dependents)

• Unlimited PTO and generous parental leave

• 401(k)

• Conversation with the hiring manager

• Case study

• On-site Interview

• Fast decision