**Senior Security Engineer** **About the role** At Fintual, we are looking for the person who will lead the security of our operations in Mexico. Although the global security team is based in Chile, the Mexican operation has regulatory and cultural complexities (such as CNBV, PIN usage, SPEI) that require a local professional who understands the context. We are not looking for a traditional corporate profile focused solely on managing permissions, nor for a "hacker" who only wants to conduct penetration testing all day. We seek a hybrid and pragmatic profile capable of navigating between technical, strategic, and regulatory domains. **What you’ll actually do** Your job will be to ensure that our product in Mexico is secure and compliant with the law—without slowing down development speed. This involves three main responsibilities: * **Regulatory compliance (Mexico):** Understand and translate CNBV and Fintech Law requirements into real technical controls. We need someone who is not intimidated by regulation and can keep it up to date. * **Cloud infrastructure:** Secure our environments on AWS and Google Cloud. You will get hands-on with configurations—not just oversee them. * **Product security:** Review business logic. You don’t need to write code from scratch, but you must be able to read and audit code in Python (Django) or Ruby on Rails to detect vulnerabilities before they reach production. **Who we’re looking for** * **Real-world experience:** You have at least 5 years in security. You’ve handled real incidents and know how to prioritize what’s important over what’s urgent. * **"Hands-on" profile:** Even as a Senior, you still open the terminal, configure your own tools, and understand how things work under the hood. * **Autonomy:** If you identify a problem, you don’t wait for instructions—you investigate, test, and propose a solution (even if it’s a temporary network-level patch when code changes aren’t possible). * You come from agile environments or startups. You understand that security must enable the business—not block it with unnecessary processes. **Technical requirements** * Demonstrable experience securing cloud infrastructure (AWS/GCP). * Ability to read and understand code. * Knowledge of Mexican financial regulations or standards such as ISO 27001. **What we offer** * Competitive salary and Stock Options (company shares). * 7 weeks of vacation per year. * Major Medical Expenses Insurance. Employment type: Full-time Application question(s): * This role requires direct technical configuration. Which cloud services (AWS or GCP) have you used to secure infrastructure, and when was the last time you performed direct configurations via terminal/console? * How comfortable are you reading Python (Django) or Ruby on Rails code to identify logical vulnerabilities? * Have you previously worked with CNBV regulations, the Fintech Law, or ISO 27001? Work location: Remote