Senior / Lead Defensive Security Engineer
Aplazo
About the Role
We're looking for a Senior or Lead Security Engineer focused on Defensive Security (Blue Team / SOC) to own our security detection, monitoring, and incident response capabilities across infrastructure, cloud environments, and corporate systems.
This role focuses on threat detection engineering, incident response, threat hunting, and security monitoring, with direct responsibility for supporting ISO/IEC 27001 and PCI DSS requirements for logging, monitoring, and incident management.
At E2, you independently execute detection and incident response activities, build detection content, and operate SIEM/SOAR platforms.
At E3, you act as a technical leader for Blue Team and SOC capabilities, setting detection strategy, defining response metrics, and mentoring others on incident response and threat hunting.
What You'll Do
- Own detection & response posture — Design, implement, and continuously improve detection and monitoring capabilities across cloud, endpoints, and networks
- Lead incident response — Handle security incidents end-to-end: triage, containment, eradication, recovery, forensics, and post-incident reviews
- Build detection engineering capabilities — Create, tune, and maintain SIEM correlation rules, alerts, and automated response workflows (SOAR)
- Threat hunting & intelligence — Perform advanced threat hunting and operationalize threat intelligence platforms and external feeds
- Develop detection content — Maintain detection artifacts, including YARA rules, signatures, and behavioral detections aligned with MITRE ATT&CK
- Define security metrics — Track and improve SOC and IR KPIs (MTTD, MTTR, alert fidelity, false positives) and build dashboards for visibility
- Support compliance — Review, validate, and provide evidence for ISO/IEC 27001 and PCI DSS controls related to logging, monitoring, and incident response
- Improve visibility — Ensure proper logging, telemetry, and signal quality across AWS, operating systems, and network layers
- Post-incident improvement — Lead post-mortems and continuously improve detection, response playbooks, and procedures
- Mentor and guide — Coach engineers and security team members on incident response, detection engineering, and threat hunting best practices
- Detect and respond to exploitation attempts related to common web application risks (OWASP Top 10) using logs, alerts, and incident analysis
What We're Looking For
Technical
- 3+ years in Blue Team, SOC, or Incident Response roles (5+ years for E3)
- Strong experience with SIEM and SOAR tools (rule creation, tuning, automation)
- Proven experience in incident response operations and security monitoring
- Experience with threat intelligence platforms and threat feeds, and their use in detection and response
- Strong experience performing advanced threat hunting techniques
- Hands-on experience creating and maintaining detection content, including YARA rules
- Ability to define and measure security and incident response metrics
- Experience building security dashboards for SOC and IR visibility
- Solid understanding of logging pipelines, telemetry, and event analysis
- Familiarity with MITRE ATT&CK and attacker techniques
- Experience supporting PCI DSS and ISO/IEC 27001 controls related to monitoring, logging, and incident response
- Cloud security fundamentals (AWS preferred: CloudTrail, GuardDuty, Security Hub, IAM logging)
- Scripting skills for automation (Python, Bash)
AI Fluency
- Uses AI tools for log analysis, threat detection, and incident response automation
- Understands AI-related security risks (data leakage, model abuse, misuse of AI tools)
- Applies AI to accelerate threat hunting and incident analysis
- Stays current on emerging AI security threats relevant to SOC operations
Leadership & Communication
- Experience communicating incidents, risks, and metrics to technical and non-technical stakeholders
- Comfortable interacting with auditors during ISO 27001 and PCI DSS assessments
- Strong documentation skills for procedures, playbooks, and incident reports
- Fluent in Spanish; working knowledge of English for vendors and documentation
Mindset
- Strong defensive security mindset: prevention, detection, and response first
- Proactive about identifying threats before they escalate into incidents
- Calm and methodical under pressure during security incidents
- Strong ownership—you see incidents and improvements through to completion
- Curious about fintech-specific threats, fraud patterns, and regulatory impact
Nice to Have
- Industry-recognized Blue Team / SOC certifications:
  - GIAC (GCED, GCIA, GCIH)
  - Blue Team Level 1 / Level 2 (BTL1 / BTL2)
  - SC-200 (Microsoft Security Operations Analyst)
  - CISSP or CCSP
- Experience acting as an incident commander during major incidents
- Experience in financial services or regulated environments
Our Stack
Cloud: AWS (CloudTrail, GuardDuty, Security Hub, IAM)
Infrastructure: Pulumi, Terraform, Datadog, Jenkins
Endpoint: Jamf, Microsoft Intune
Identity: SSO/SCIM, Active Directory
Compliance: PCI DSS, ISO/IEC 27001
Why Aplazo
Our mission is to empower financial access and opportunity across Latin America through fair, simple, and transparent solutions. Our tech vision is to be the most beloved and innovative tech organization in Latin America.
We're a Series B fintech growing fast—security is critical to our customers' trust and our ability to operate. You'll own core Blue Team and incident response capabilities for a platform that handles millions of financial transactions.