Companies you'll love to work for

About Nelo

Nelo is a leading consumer fintech and e-commerce platform in Mexico, with >$500MM in annualized GMV and >$70MM in annualized revenue. Our mission is to increase the buying power of consumers in Latin America by building a modern alternative to credit cards.

We’ve raised over $40M in venture capital from Homebrew, Two Sigma Ventures, and Susa Ventures, and secured a $100M asset credit facility from Victory Park Capital. Our lean team includes leaders from Uber, Amazon, Rappi, and DiDi, with offices in Mexico City and New York City.

About the Role

Security has been built into how we build software from day one, but as we scale we are creating a dedicated security engineering role with broad ownership across application security, infrastructure, and internal controls.

This role is built for someone who wants real ownership:

• You will prioritize where to invest time and resources

• You will implement controls yourself, not delegate them

• You will be trusted to balance risk, velocity, and pragmatism

• You will work closely with leaders including the CEO and CTO

This role is in-person in our NYC office (Tribeca).

What You’ll Do

Build Secure-by-Default Systems

• Design and implement security guardrails across cloud infrastructure and developer workflows

• Improve IAM, secrets management, endpoint management and access controls across production systems

• Harden AWS infrastructure using Terraform and policy-as-code

• Increase observability for security-relevant events and anomalies

Own Security as an Engineering Problem

• Write code, configs, and tooling to enforce security controls

• Reduce reliance on manual reviews through automation

• Make the secure path the easiest path

Lead External Security Programs

• Own and run penetration tests and bug bounty program

• Triage findings and partner with engineers to fix issues

• Turn findings into systemic improvements

Manage Certifications and Compliance

• Take Nelo through SOC2 (Type 1 and Type 2)

• Implement automated evidence collection

Raise the Bar Across the Team

• Set standards by example through high-quality implementations

• Review designs and PRs with a security-first mindset

Who You Are

Required

• 5+ years of engineering experience, with a meaningful focus on security

• Strong hands-on experience with cloud security fundamentals

• Comfortable working with Terraform or similar infrastructure-as-code tooling

Strong Signals

• You’ve taken a company through SOC2, ISO 27001, or similar certification

• You’ve run bug bounty programs or managed pentests directly

• You have strong experience with AWS (eg. GuardDuty, CloudTrail, IAM, security groups)

• You use Claude Code or other agentic coding tools

Not a Fit If

• You need a separate team to implement your ideas

• You prefer static environments over fast-moving systems

Compensation and Benefits

• Competitive compensation and meaningful equity

• 100% medical, dental, and vision coverage (50% for dependents)

• Unlimited PTO and generous parental leave

• 401(k)

About the Process

• Conversation with the hiring manager

• Case study

• On-site Interview

• Fast decision

Compensation Range: $185K - $220K