Lead Security Engineer

At
belo
, we're building simple, intuitive financial products so people can focus on what truly matters. Our mission is to empower users worldwide with seamless access to innovative financial services.

Whether it's paying with Pix in Brazil, receiving international payments, or managing crypto assets,
belo
bridges traditional finance with cutting-edge solutions. Built by industry experts and passionate entrepreneurs, our platform is crafted for freelancers, remote workers, and everyday users across Latin America seeking more accessible and efficient financial tools.

We're now ready to strengthen the security of our platform as we scale. To do this, we're looking for a Lead Security Engineer with a strong hands-on approach and an offensive security mindset, complemented by solid defensive security experience.

This role is crucial in proactively identifying vulnerabilities, building detection and response capabilities, and fostering a security-first culture across the company.

What You'll Do

• Perform continuous penetration testing on our mobile app, backend APIs, and infrastructure
• Simulate real-world attacks to identify vulnerabilities before they are exploited
• Reverse engineer client applications and analyze network traffic to uncover weaknesses
• Collaborate with engineers to provide actionable guidance and support remediation efforts
• Design and implement automated security testing as part of our CI/CD pipeline
• Investigate and reproduce bug bounty submissions or vulnerability disclosures
• Contribute to our internal knowledge base of attack vectors, best practices, and secure coding guidelines
• Participate in incident response processes, including forensic analysis, root cause investigation, and post-mortems
• Help maintain and improve security playbooks, including incident response plans and disaster recovery plans
• Contribute to risk assessments, threat modeling, and security policy updates
• Support defensive capabilities by helping to design, configure, and tune detection tools (SIEM, EDR, monitoring systems)
• Drive a security-first mindset across product, engineering, and operations

What We're Looking For

• 3+ years of experience in offensive security, pentesting, or AppSec roles
• Strong knowledge of common vulnerabilities (OWASP Top 10, SSRF, RCE, IDOR, etc.) and how to exploit them
• Experience testing APIs, mobile applications (React Native is a plus), and cloud infrastructure (especially AWS)
• Familiarity with tools like Burp Suite, ZAP, MobSF, Metasploit, and custom scripts
• Comfortable writing exploits and PoCs in scripting languages like Python, JavaScript, or Bash
• Experience in incident response, forensics, and defensive security operations (SIEM, EDR, monitoring, detection engineering)
• Knowledge of risk management practices and security policy development is a plus
• Ability to clearly communicate risks and mitigation strategies to technical and non-technical stakeholders
• A self-starter mindset with a strong sense of ownership and curiosity
• Proficiency in English is mandatory
• Experience in fintech, crypto, or blockchain ecosystems is a big plus
• Proficiency in Portuguese is another big plus

What We Offer

• The opportunity to build and own the security foundation of a fast-growing fintech platform
• A passionate team focused on innovation, transparency, and impact
• Competitive compensation in USDT
• Six weeks of vacation
• Flexible hours
• A MacBook and an annual budget to invest in your professional development
• Mostly remote, with at least one day a week at our Buenos Aires office
• A vibrant startup culture with flexibility, autonomy, and a results-oriented approach

At
belo
, we're redefining financial services for LatAm and beyond. Join us to protect the tools people need to thrive in the modern economy.