Senior Application Security Engineer

Job description

About Félix

At Félix, we're building the financial ecosystem for Latin immigrants in the U.S., starting with a revolution in remittances.

Our core product is an AI-powered chatbot powered by WhatsApp, allowing our users to send money home as easily as sending a text message.

We leverage cutting-edge technology like AI, blockchain, and stablecoins to make cross-border payments faster, more affordable, and more accessible than ever before.

We are a hyper-growth Series B company, backed by over $100 million in funding from top-tier global investors, including QED, Castle Island, Switch Ventures, HTwenty, Monashees, and General Catalyst Customer Value Fund.

This isn't just about the numbers; it's a testament to the trust our investors have in our vision and our team.

Additionally, Félix was selected as an “Endeavour Entrepreneur” and was a recipient of the CrossTech Fintech Startups Award.

We are a group of extremely talented and dedicated high-performers, united by our shared obsession with a single goal: empowering our customers.

We are all owners of Félix, driven by a bias for action and a true experimentation spirit to get shit done with urgency and focus.

The Role

As a Senior Application Security Engineer, you will be a critical part of our SecOps team, working alongside Damian Finol, our Head of EngOps.

You will be responsible for embedding security into every stage of our software development lifecycle (SDLC).

This is a hands-on role for a builder who is passionate about shifting security left and empowering developers to ship secure code, quickly and confidently.

You will be instrumental in maturing our DevSecOps practices, building out our security automation, and ensuring our platform meets the stringent security and compliance requirements of the fintech landscape, including our goals for SOC 2 Type I readiness.

What You'll Do

• Build and Automate Secure CI/CD Pipelines: Design, implement, and maintain security controls within our GitHub Actions CI/CD pipelines.
  
  You will be hands-on with tools for Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure-as-Code (IaC) scanning, and secret detection.
  
  
• Drive Vulnerability Management: Take ownership of our vulnerability management program using platforms like DefectDojo.
  
  You will work closely with engineering teams to triage findings, prioritize remediation efforts, and reduce our overall risk profile.
  
  
• Champion Secure Development: Act as a security subject matter expert for our product engineering teams.
  
  You will conduct security architecture reviews, perform threat modeling for new features, and promote secure coding best practices across our Python-based services.
  
  
• Coordinate Security Assessments: Manage and support internal and external penetration testing engagements, track findings, and drive remediation efforts with the relevant teams.
  
  
• Develop Security Standards: Help define and document foundational security requirements for source code management, secrets management, and our CI/CD processes to ensure they are secure by design.
  
  
• Support Compliance Initiatives: Partner with our GRC function to implement necessary application security controls and gather evidence to support our SOC 2 and PCI compliance audits.
  
  

Qualifications

• Proven experience as an Application Security Engineer, Product Security Engineer, or in a similar role.
  
  
• Hands-on experience building, securing, and operating CI/CD pipelines, preferably with GitHub Actions.
  
  
• Strong proficiency with security scanning tools (e.g., SAST, DAST, SCA, secret scanning).
  
  
• Proficiency in a scripting or programming language, with a strong preference for Python to align with our primary tech stack.
  
  
• Deep understanding of web application vulnerabilities, secure architecture principles, and the OWASP Top 10.
  
  
• Experience working with cloud-native technologies and environments (GCP, Kubernetes/GKE, Docker).
  
  
• These are the applicable requisites, although equivalent competencies in any of the above will also be considered.
  
  

Nice to Haves

• Experience in a regulated industry (Fintech, Healthcare, etc.) and familiarity with compliance frameworks like SOC 2 and PCI DSS.
  
  
• Experience with Infrastructure-as-Code tools like Terraform and related security scanners (e.g., Checkov).
  
  
• Familiarity with vulnerability management platforms like DefectDojo.
  
  

What We Offer

• Competitive salary
• Initial stock options grant
• Annual performance bonus
• Health, dental, and vision plans
• Remote work environment, although we have offices in Miami and México City and would love to work in hybrid model if you are up to it.
  
  
• Continuous learning opportunities
• Unlimited PTO
• Paid parental leave
• Empowering opportunities for growth in a dynamic entrepreneurial environment

Equal Opportunity Employer

At Félix, we are committed to providing equal employment opportunities to all qualified employees and applicants without regard to race, religion, nationality, sex, sexual orientation, gender identity, age, or disability.

This policy applies to all terms and conditions of employment, including recruitment, hiring, placement, promotion, training, compensation, benefits, and termination.

Want to learn more about our privacy practices?

Check out our Privacy Policy.

Required Skill Profession

Gestión Informática Y Gestión De Proyectos Informáticos