Senior Security Engineer (Cyber Detection & Response) - Argentina, Brazil, Spain, Romania & Uruguay

dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets.

By joining us you will be a part of an amazing global team that makes it all happen, in a flexible, remote-first dynamic culture with travel, health and learning benefits, among others. Being a part of dLocal means working with 1000+ teammates from 30+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer‑centric, and if this sounds like you, we know you will thrive in our team.

We’re not building a traditional security team. We are a lean, forward‑thinking organization that rapidly adopts the latest disruptive innovations to stay ahead of the curve. We believe the future of defense is smart, efficient, and scaled, and we’re leveraging AI agents and modern platforms to build it.

We are looking for a hands‑on security engineer who lives and breathes proactive defense. This isn’t just an incident response role; it’s a "full-stack" security engineering position. You’ll be a hunter, a builder, and a strategist, operating across the entire incident lifecycle with an adversary‑centric mindset.

In our environment, a small, senior team means massive impact. You won’t just own alerts—you’ll help design the AI‑driven systems that generate them, build the automation that crushes repetitive work, and hunt for threats before they ever become incidents.

• Hunt, Don't Just Wait: Conduct adversary‑centric threat hunts, fueled by cutting‑edge threat intelligence and the MITRE ATT&CK framework. You’ll go beyond alerts to perform proactive, hypothesis‑driven analysis.
• Lead End‑to‑End Response: Command the full incident lifecycle—from triage and containment to eradication and post‑mortem—for incidents across our endpoint, identity, and multi‑cloud environments.
• Build Smarter Detections: Engineer, tune, and maintain high‑fidelity detections in our SIEM. Your goal isn’t just to find evil, but to do so with precision, minimizing noise and maximizing signal.
• Automate Everything: Design, build, and scale our automated response workflows. You’ll be a primary driver in leveraging our SOAR, AI agents, and custom automations (Tines, etc.) to create smart, efficient responses that allow us to scale.
• Integrate Threat Intelligence: Actively consume and integrate threat intel to inform detection engineering, enrich investigations, and guide proactive hunting campaigns.
• Partner & Innovate: Work directly with engineers and product teams to ensure security telemetry is actionable, measurable, and built for a modern, automated defense.
• Act as a Senior Escalation Point: Serve as a key leader for major incidents, providing technical and strategic guidance to the wider Cyber Defense team.

• A "Builder" Mindset: 4–8 years of experience in Security Operations, Detection Engineering, or Incident Response, with a clear passion for building solutions, not just operating them.
• Proven IR Expertise: Demonstrable, hands‑on experience with advanced incident response (host, identity, or cloud).
• Deep Detection & SIEM Skills: Strong expertise in SIEM and detection (e.g., Sumo Logic, Splunk, Sentinel, Elastic, Crowdstrike, Panther, Hunters) and a proven track record of creating and tuning robust detections.
• An Adversary‑Centric Approach: You think like an attacker. You’re deeply familiar with the MITRE ATT&CK framework and modern attacker tradecraft.
• A Passion for Automation: You have a clear drive to automate the mundane. Whether it’s with SOAR platforms, Python, or other tools, you believe in automating to focus on the critical.
• Technical Acumen: Familiarity with endpoint security (EDR), identity protection and data loss prevention tools, and modern cloud environments.
• Clarity & Discipline: Strong written communication and documentation skills are essential. You know how to write a playbook, document a finding, and communicate complex issues clearly.
• Curiosity for the Future: A genuine excitement for new technology. You’re eager to learn and apply new tools, including AI agents and modern platforms, to solve complex security problems.

• Deep experience with cloud‑native security (AWS, GCP, or Azure).
• Experience integrating and operationalizing threat intelligence platforms.
• Familiarity with IaC (Terraform/Ansible) or container security concepts.
• Prior exposure to purple‑team exercises.
• Certifications such as GCIA, GCFA, OSCP, or similar are valued but not required.

• This is a high‑impact, high‑ownership role. You’ll join a small, senior team where everyone contributes end‑to‑end. We’re building a modern, intelligent, and automated defense program from the ground up. If you’re tired of legacy tools and rigid, reactive processes, and you want to build the future of cyber defense using the latest disruptive innovations, let’s talk.

Besides the tailored benefits we have for each country, dLocal will help you thrive and go that extra mile by offering you:

• Remote work: work from anywhere or one of our offices around the globe!
• Flexibility: we have flexible schedules and we are driven by performance.
• Fintech industry: work in a dynamic and ever‑evolving environment, with plenty to build and boost your creativity.
• Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded.
• Learning & development: get access to a Premium Coursera subscription.
• Language classes: we provide free English, Spanish, or Portuguese classes.
• Social budget: you’ll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections!
• dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We’ve got your back!

*For people based in Montevideo (Uruguay) applying to non‑IT roles, 55% monthly attendance to the office is required

Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process!

Also, you can check out our webpage, Linkedin, Instagram, and Youtube for more about dLocal!