The leading digital commerce platform in Mexico. We are building the leading operating system for commerce in Mexico, consolidating software, payments, and financial services into a single destination. We believe that extraordinary ideas come from extraordinary people, and the greater the challenge, the stronger the inspiration to make ideas happen. Our values guide our actions and ideas come from every voice, every perspective, every Clipper. **The role:** At **Clip**, we are looking for a **DevSecOps Engineer** to join our **Cyber Protection Team**. The mission of this role is to **ensure security across applications, pipelines, and technology infrastructure**, embedding security controls at every stage of the software development lifecycle. **We value** **hands\-on experience in fintechs or financial institutions****, the ability to** **anticipate risks****, and a** **proactive mindset to protect critical and regulated environments****.** **What will I be doing?** * Analyze financial applications and services to identify vulnerabilities and risks. * Design and implement security controls in **CI/CD pipelines**. * Ensure compliance with a **Secure Software Development Lifecycle (Secure SDLC)**. * Recommend and promote **security best practices** in software development and operations. * Guarantee data encryption **in transit and at rest** under the highest standards (TLS 1\.3, AES\-256, KMS, HSM). * Integrate security analysis tools (**SAST, DAST, SCA**). * Strengthen container, Kubernetes, and cloud configurations following a **Zero Trust** approach. * Collaborate with the incident response team to **reduce exposure times** and reinforce controls. * Document and share security guidelines across the organization. **Ideal Candidate:** * Background in Computer Science, Engineering, Cybersecurity, or related fields (*or equivalent hands\-on experience in fintechs or financial institutions*). * **Experience**: + **3–5 years of proven experience** in DevSecOps, Application Security, or Cybersecurity roles. + Previous work in **fintechs, banks, payment gateways, or financial companies**, ideally within cybersecurity or DevSecOps teams. + Experience implementing **security controls in CI/CD pipelines** (SAST, DAST, dependency scanning, secure deployments). + Participation in **regulatory compliance projects** (PCI DSS, ISO 27001, SOC 2 or similar). + Practical experience in **encryption, secrets and key management**, sensitive data protection, and tokenization. + Exposure to or management of **financial security incidents** (fraud, API attacks, data breaches). + Knowledge of **containers and cloud environments** (Docker, Kubernetes, AWS/GCP/Azure) with a strong security focus. **Experience in** **security automation** **through scripting (Python, Bash, Go, Node.js).** **Technical knowledge** * Proven experience in **fintechs, banks, or financial institutions** in security, DevSecOps, or similar roles. * Solid knowledge of **CI/CD pipelines** (GitHub Actions, GitLab CI, Jenkins, Gitea Actions, or others). * Experience applying security standards: **OWASP Top 10, OWASP ASVS, MITRE ATT\&CK**. * Strong knowledge of **secrets management and encryption** (HashiCorp Vault, AWS KMS, GCP Secret Manager). * Experience with **regulatory compliance** in the financial sector (PCI DSS, ISO 27001, SOC 2\). * Practical knowledge of **cryptography applied to financial data** and tokenization. * Hands\-on experience with **containers, Kubernetes, and cloud security** (AWS, GCP, Azure). * Ability to **modify and optimize existing pipelines** with integrated security controls. **Nice to Have / Plus** * Experience handling **financial security incidents** (fraud, API attacks, data breaches). * Knowledge of **SIEM/SOAR** (Splunk, ELK, Wazuh, Sentinel). * Experience in **payment applications, mPOS, or payment gateways**. * Skills in **security automation** (Python, Go, Bash, Node.js). Hazlo fácil, hazlo Clip. Disclaimer: At Clip, we do not discriminate based on race, age, national origin, sexual orientation, gender identity, religion, or pregnancy.