Senior / Lead Defensive Security Engineer
Confidential
Posted: February 10, 2026
Job Description
About the Role
We're looking for a Senior or Lead Security Engineer focused on Defensive Security (Blue Team / SOC) to own our security detection, monitoring, and incident response capabilities across infrastructure, cloud environments, and corporate systems.
This role focuses on threat detection engineering, incident response, threat hunting, and security monitoring, with direct responsibility for supporting ISO/IEC 27001 and PCI DSS requirements for logging, monitoring, and incident management.
At E2, you independently execute detection and incident response activities, build detection content, and operate SIEM/SOAR platforms.
At E3, you act as a technical leader for Blue Team and SOC capabilities, setting detection strategy, defining response metrics, and mentoring others on incident response and threat hunting.
What You'll Do
Own detection & response posture — Design, implement, and continuously improve detection and monitoring capabilities across cloud, endpoints, and networks
Lead incident response — Handle security incidents end-to-end: triage, containment, eradication, recovery, forensics, and post-incident reviews
Build detection engineering capabilities — Create, tune, and maintain SIEM correlation rules, alerts, and automated response workflows (SOAR)
Threat hunting & intelligence — Perform advanced threat hunting and operationalize threat intelligence platforms and external feeds
Develop detection content — Maintain detection artifacts, including YARA rules, signatures, and behavioral detections aligned with MITRE ATT&CK
Define security metrics — Track and improve SOC and IR KPIs (MTTD, MTTR, alert fidelity, false positives) and build dashboards for visibility
Support compliance — Review, validate, and provide evidence for ISO/IEC 27001 and PCI DSS controls related to logging, monitoring, and incident response
Improve visibility — Ensure proper logging, telemetry, and signal quality across AWS, operating systems, and network layers
Post-incident improvement — Lead post-mortems and continuously improve detection, response playbooks, and procedures
Mentor and guide — Coach engineers and security team members on incident response, detection engineering, and threat hunting best practices
Detect and respond to exploitation attempts related to common web application risks (OWASP Top 10) using logs, alerts, and incident analysis
What We're Looking For
Technical
3+ years in Blue Team, SOC, or Incident Response roles (5+ years for E3)
Strong experience with SIEM and SOAR tools (rule creation, tuning, automation)
Proven experience in incident response operations and security monitoring
Experience with threat intelligence platforms and threat feeds, and their use in detection and response
Strong experience performing advanced threat hunting techniques
Hands-on experience creating and maintaining detection content, including YARA rules
Ability to define and measure security and incident response metrics
Experience building security dashboards for SOC and IR visibility
Solid understanding of logging pipelines, telemetry, and event analysis
Familiarity with MITRE ATT&CK and attacker techniques
Experience supporting PCI DSS and ISO/IEC 27001 controls related to monitoring, logging, and incident response
Cloud security fundamentals (AWS preferred: CloudTrail, GuardDuty, Security Hub, IAM logging)
Scripting skills for automation (Python, Bash)
AI Fluency
Uses AI tools for log analysis, threat detection, and incident response automation
Understands AI-related security risks (data leakage, model abuse, misuse of AI tools)
Applies AI to accelerate threat hunting and incident analysis
Stays current on emerging AI security threats relevant to SOC operations
Leadership & Communication
Experience communicating incidents, risks, and metrics to technical and non-technical stakeholders
Comfortable interacting with auditors during ISO 27001 and PCI DSS assessments
Strong documentation skills for procedures, playbooks, and incident reports
Fluent in Spanish; working knowledge of English for vendors and documentation
Mindset
Strong defensive security mindset: prevention, detection, and response first
Proactive about identifying threats before they escalate into incidents
Calm and methodical under pressure during security incidents
Strong ownership—you see incidents and improvements through to completion
Curious about fintech-specific threats, fraud patterns, and regulatory impact
Nice to Have
Industry-recognized Blue Team / SOC certifications:
GIAC (GCED, GCIA, GCIH)
Blue Team Level 1 / Level 2 (BTL1 / BTL2)
SC-200 (Microsoft Security Operations Analyst)
CISSP or CCSP
Experience acting as an incident commander during major incidents
Experience in financial services or regulated environments
Our Stack
Cloud: AWS (CloudTrail, GuardDuty, Security Hub, IAM)
Infrastructure: Pulumi, Terraform, Datadog, Jenkins
Endpoint: Jamf, Microsoft Intune
Identity: SSO/SCIM, Active Directory
Compliance: PCI DSS, ISO/IEC 27001
Why Aplazo
Our mission is to empower financial access and opportunity across Latin America through fair, simple, and transparent solutions. Our tech vision is to be the most beloved and innovative tech organization in Latin America.
We're a Series B fintech growing fast—security is critical to our customers' trust and our ability to operate. You'll own core Blue Team and incident response capabilities for a platform that handles millions of financial transactions.