Senior Security Engineer

POSITION SUMMARY 

We are seeking a passionate Senior Security Engineer to lead security engineering efforts within our growing Information Security organization. As a Senior Professional, you will be critical to embedding security and implementing guardrails for the company's AI-first strategy. You will be expected to demonstrate advanced technical skills, create significant impact across the engineering org, and foster a collaborative environment. You should have hands-on experience securing modern cloud and enterprise environments, a natural sense of curiosity, and a diplomatic approach to problem-solving. This position will be ideally a hybrid role from our Mexico City office as part of our expanding site. EarnIn offers excellent benefits for our employees, including healthcare, internet and cell phone reimbursement, a learning and development stipend, and potential opportunities to travel to our Mountain View headquarters.  Our salary ranges are determined by role, level, and location. We are unable to provide visa sponsorship or immigration support for this position.

• Threat Management: Monitor active threats, perform in-depth analysis of AI-related attack vectors (e.g., prompt injection, model poisoning), and lead the development of comprehensive remediation plans.
• Infrastructure Security: Monitor, audit, detect, and remediate critical security exposures across our cloud infrastructure.
• Incident Response: Respond to security incidents and manage the end-to-end incident response lifecycle.
• Automation & Tooling: Implement advanced automation and AI agents for security tasks, including detection rule testing, auditing, metrics collection, and reporting to improve operational efficiency.
• Security Architecture: Work cross-functionally with engineering teams to architect secure, scalable solutions, including implementing security guardrails and governance for AI/ML workloads, and evaluating third-party security tools.
• Mentorship & Expertise: Serve as a recognized security expert in multiple specialty areas and maintain a strong awareness of the external threat landscape.
• Process Improvement: Drive the implementation of security, technical, and process improvements across the organization.

WHAT WE'RE LOOKING FOR 

• Experience: At least 4+ years of industry experience in security engineering or a related field.
• AWS Expertise: Strong hands-on experience with AWS services (VPC, EC2, S3, EKS) and associated networking, IAM, and security controls in production environments.
• Containerization: Solid understanding of Docker and containerization, including building, optimizing, scanning, and securing container images and workflows.
• Kubernetes: Strong knowledge of Kubernetes architecture and experience operating or securing platforms like EKS in production.
• Infrastructure as Code (IaC): Proficiency with Terraform for provisioning and managing cloud infrastructure in a repeatable, scalable manner.
• Programming: Proficiency in at least one scripting or programming language, with a strong preference for Python to support security tooling and automation.
• Networking: Foundational knowledge of general networking concepts, including TCP/IP, DNS, routing, firewalls, and load balancing across cloud and containerized environments.
• Security Domain Depth: In-depth knowledge of Threat/Intrusion Detection, Vulnerability Management, and specialized expertise in securing AI agents, LLMs, and Model Context Protocol (MCP) environments.
• Education: MS or Bachelor’s degree in Computer Science or an equivalent field, or equivalent experience
• AI Exposure: Experience using AI-assisted development tools (e.g., Copilot, Cursor, LLMs)
• Compliance Frameworks: Familiarity with compliance standards such as ISO 27001, SOC2, NIST, SOX, and PCI is a plus.
• Enterprise Solutions: Experience with IAM tools (Okta, OneLogin), Zero Trust architectures, and Data Loss Prevention (DLP) solutions is a plus. 
• Data Security: Experience with access control and PII management is a plus. 
• Industry Experience: Previous experience in the financial services industry is highly preferred and is a plus. 
• SOAR: Experience with security orchestration, automation, and response (SOAR) technologies is a plus