Dlocal9d ago

DevSecOps Engineer, Technical Referent

BarcelonaFull Timemid

CybersecurityDevSecOps Engineer

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

Why should you join dLocal? dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets.

Technical Tools

CybersecurityDevSecOps Engineer

Why should you join dLocal?

dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets.

By joining us you will be a part of an amazing global team that makes it all happen. Being a part of dLocal means working with 1000+ teammates from 30+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.

What’s the opportunity?

Join dLocal’s IT Cloud Platform Services to strengthen identity, access, and endpoint security across our multi-cloud environment. You’ll design and govern role models, lead SSO and IAM integrations for AWS, GCP, and Microsoft Entra ID, and drive secure-by-default automation that reduces manual work and errors. You’ll collaborate daily with DevOps, Networking, Security, and Service Desk to standardize controls and improve developer productivity. You’ll also leverage AI tools to accelerate analysis, policy design, and continuous improvements, informed by our enterprise access matrix.

Define and maintain the enterprise role model (RBAC/ABAC), ownership, and approval flows; align designs and reviews with the access matrix.

Lead SSO and identity integrations (SAML/OIDC, SCIM, MFA) on Microsoft Entra ID; standardize application onboarding and lifecycle.

Administer AWS IAM and GCP IAM at org/account/project levels (SCPs/org policies, permission boundaries, service accounts, workload identity), enforcing least privilege and SoD.

Build automation for provisioning, deprovisioning, and periodic access reviews using IaC/PaC; integrate JIT/PAM workflows (e.g., Apono).

Strengthen endpoint and device posture with Jamf and Intune (baselines, compliance, conditional access signals) tied to identity controls.

Implement guardrails and continuous controls (audit trails, logging, anomaly detection for access usage) with clear remediation playbooks.

Identify, prioritize, and deliver automation opportunities that remove manual access tasks, reduce escalations, and increase audit readiness.

Use AI tools to analyze access patterns, suggest policy improvements, and speed up documentation and evidence gathering, safely and with governance.

Partner with DevOps, Networking, Security, and Service Desk on scalable workflows, incident resolution, and user experience improvements.

Document architectures, runbooks, and SOPs; support audits and risk assessments with clear evidence and metrics.
Implement and review application permissions in Amazon EKS (Kubernetes RBAC, service accounts, IRSA) to enforce least privilege and SoD.

Implement and review application permissions in Amazon EKS (Kubernetes RBAC, service accounts, IRSA) to enforce least privilege and SoD.

Strong security engineering across IAM/SSO/PAM, role modeling (RBAC/ABAC), least privilege, and SoD.

Public cloud expertise: AWS and GCP IAM; Microsoft Entra ID; SAML/OIDC, SCIM; tools such as Apono, Jamf, and Intune.

Automation mindset: infrastructure-as-code and policy-as-code (Terraform/Pulumi/Ansible) and scripting (Python/Bash).

Audit and compliance experience: PCI DSS, SOX, and ISO 27001 (planning, evidence collection, remediation follow-up).

Proven ability to identify and deliver security automations that reduce manual access tasks and audit effort.

Effective collaboration with DevOps, Networking, Security, and Service Desk; clear stakeholder communication.