We are seeking an experienced SecOps Engineer with strong offensive security and Red Team background to join our fintech payments platform. In this role, you'll be responsible for identifying vulnerabilities, conducting penetration testing, and implementing robust security controls to protect our payment infrastructure and customer data. As a key member of our security team, you'll collaborate with development teams to integrate security throughout the software development lifecycle while ensuring compliance with financial regulations and responding to emerging threats.
Tareas
- Offensive Security & Penetration Testing: Conduct regular penetration tests and vulnerability assessments of network infrastructure, cloud environments, and web/mobile applications to identify security weaknesses before they can be exploited by malicious actors.
- Security Architecture & Design: Provide recommendations for security architecture improvements, safe development practices, and secure-by-design principles to development teams, ensuring security is built into our systems from the ground up.
- Threat Intelligence & Vulnerability Management: Stay aware of emerging threats and zero-day vulnerabilities, analyze their potential impact on company infrastructure, and coordinate remediation efforts across teams.
- Incident Response & CSIRT Activities: Participate in security incident response, analyze security events, propose solutions, and develop remediation guidance to minimize impact and prevent recurrence.
- Security Controls & Monitoring: Test and enhance active monitoring controls, implement new detection capabilities, and ensure our security monitoring systems can effectively identify potential threats in our environment.
- Vulnerability Disclosure & Bug Bounty Programs
Requisitos
- Offensive Security Expertise: penetration testing, ethical hacking, and vulnerability assessments for networks, cloud environments, and web and mobile applications.
- Cloud Security Knowledge: Experience securing AWS environments, identifying misconfigurations, and implementing security best practices in cloud infrastructure.
- Programming & Automation: Strong programming skills to develop security tools, automate security testing, and create scripts for security monitoring and incident response.
- Network Security: Deep understanding of network security concepts, protocols, firewalls, and intrusion detection/prevention systems.
- Leadership & Communication: Ability to effectively communicate security findings to technical and non-technical stakeholders, influence security decisions, and guide teams on remediation approaches.
- Scaling zero to one a complex infrastructure of companies sharing information in secure and encrypted environments. Experience in the fintech or payment processing industry is preferred.
- Certifications, extra points if the candidate has experience implementing ISO27001 and PCI compliance
- Minimum 5 years of experience in cybersecurity roles with focus on penetration testing, Red Team activities, or security engineering.
- Demonstrated experience in identifying, analyzing, and remediating security vulnerabilities in payment processing systems.
- Experience with implementing DevSecOps practices and integrating security into CI/CD pipelines.
- Participating in bug bounty programs and vulnerability disclosure initiatives is a plus.
- Spanish native.
- English proficiency a plus.
Beneficios
- Chance to build and lead the security department from the ground up
- Ownership in the design, implementation, and improvement of key company structures.
- Exposure to the national and international fintech ecosystem.
- Openness to new ideas and methodologies, promoting innovation in both processes and strategy.
- Opportunity for growth in a dynamic, high-impact startup environment.
- Flexible culture and hybrid work model.
Apply now and be part of the financial transformation at Monato!