DevSecOps Engineer

About Addi

We are a leading financial platform, building the future of payments, shopping, and banking—a world where consumers and merchants can transact effortlessly, grow together and where we create abundance and generate pride in them. Today, we serve over 2 million customers and partner with more than 20,000 merchants, making Addi Colombia’s fastest-growing marketplace.

We provide banking solutions (deposits, payments, unsecured credit) and commerce services (e-commerce, marketing) using state-of-the-art technology, bridging the financial gap for millions and redefining how people experience financial freedom. As the country’s leading Buy Now, Pay Later provider, we have secured regulatory approval to operate as a bank, unlocking even greater opportunities for our customers. In the past year, we have also achieved profitability, reinforcing the strength of our business model and our ability to scale sustainably.

Our mission has earned the trust of world-class investors, including Andreessen Horowitz, Architect Capital, GIC, Goldman Sachs, Greycroft, Monashees, Notable Capital, Quona Capital, Union Square Ventures, Victory Park Capital, and more, who back our vision for the future. With their support, we are not just growing—we are transforming Latin America’s financial ecosystem and shaping the next generation to shop, pay, and bank in Colombia.

But what truly sets us apart is how we build. We are a conscious company, driven by deep experience in scaling technology, services and products, and we live by our values every day.

About the Role

This is where you come in. Below, you’ll find what this role is all about—the impact you’ll drive, the challenges you’ll tackle, and what it takes to thrive at Addi. If you’re ready to be part of something big, keep reading.

What’s the mission you’ll drive

Ensure the security, reliability, and scalability of Addi’s cloud infrastructure and software development lifecycle by embedding security best practices into DevOps processes, while driving proactive threat mitigation, automated security tooling, and compliance adherence, ensuring Addi’s systems remain resilient against evolving cyber threats while maintaining high availability and performance.

What you will do

• Reduce security vulnerabilities in code through automated security checks.

  • Enhance our current implementation for Static & Dynamic Application Security Testing (SAST & DAST).

  • Ensure seamless security automation across build, test, and deployment stages.

  • Follow up on vulnerability remediation with the different team owners.

• Reduce cloud misconfigurations through proactive monitoring and remediation.

  • Deploy runtime security controls (e.g., container security, Kubernetes hardening) to prevent exploits.

  • Improve our SIEM (Security Information & Event Management) and SOAR (Security Orchestration & Response) solutions for real-time monitoring.

  • Automate log analysis, anomaly detection, and security alerting for proactive threat detection.

  • Develop runbooks for incident response, ensuring rapid containment and mitigation.

• Increase security automation coverage to reduce manual intervention in key areas.

  • Implement automated remediation for common security misconfigurations.

  • Leverage AI-driven security analytics to predict and prevent potential threats.

  • Streamline security logging, alerting, and forensic analysis to improve response efficiency.

• Achieve 100% adherence to compliance ISO 27001

  • Implement automated security compliance checks for infrastructure and applications.

  • Define and enforce secure coding guidelines & security policies for developers.

  • Enforce least privilege access policies and continuous compliance monitoring.

• Foster a security-first mindset within engineering teams.

  • Conduct secure coding workshops & threat modeling exercises to improve developer security maturity.

  • Integrate just-in-time security training within developer workflows.

  • Foster a security-first mindset within engineering teams by embedding security champions.

What we’re looking for

• Proven DevSecOps & Cloud Security Expertise

  • 5+ years in DevSecOps, cloud security, or cybersecurity engineering, ideally in fintech or high-scale SaaS environments.

  • Proven track record of implementing security automation and key cloud security frameworks such as the AWS Well-Architected Framework and CIS Benchmarks for AWS, along with secure software development practices.

  • Deep knowledge of cloud security, container security, and core DevSecOps principles such as "Security as Code," "Shift Left," automation of security processes, and fostering a culture of shared security responsibility to secure software development and deployment pipelines.

  • Experience implementing SIEM/SOAR solutions (e.g., Splunk, ELK, Sentinel, Datadog Security) for proactive threat detection.

  • Experience in securing CI/CD pipelines, integrating SAST, DAST, and SCA tools to prevent vulnerabilities.

  • Ability to educate and influence engineering teams, driving secure coding practices and proactive threat mitigation.

• Demonstrates solid AWS & Cloud Security Best Practices

  • Expertise in AWS security hardening and Kubernetes security.

  • Hands-on experience with AWS security, Kubernetes security, and container security (e.g., Falco, Aqua Security, Prisma Cloud).

  • Strong proficiency in CI/CD security automation, and secure coding best practices.

• Strong Compliance & Risk Management Knowledge

  • Strong understanding of ISO 27001, ensuring adherence to security compliance requirements.

• Proven Automation & Scalability Experience

  • Experience in proposing security best practices in code across languages like Java and Python.

• Demostrates outstanding Collaboration & Cross-Functional Leadership

  • Ability to align security priorities with engineering, product, and compliance teams, ensuring seamless integration of security measures. Able to be actively involved in our software development cycle by reviewing technical specifications, conduct pentestings previous to a release, etc.

Why join us?

• Work on a problem that truly matters – We are redefining how people shop, pay, and bank in Colombia, breaking down financial barriers and empowering millions. Your work will directly impact customers' lives by creating more accessible, seamless, and fair financial services.

• Be part of something big from the ground up – This is your chance to help shape a company, influencing everything from our technology and strategy to our culture and values. You won’t just be an employee—you’ll be an owner

• Unparalleled growth opportunity – The market we’re tackling is massive, and we’re growing faster than almost any fintech lender at our stage. If you’re looking for a high-impact role in a company that’s scaling fast, this is it.

• Join a world-class team – Work alongside top-tier talent from around the world, in an environment where excellence, ownership, and collaboration are at the core of everything we do. We care deeply about what we build and how we build it—and we want you to be a part of it.

• Competitive compensation & meaningful ownership – We believe in rewarding our talent. You’ll receive a generous salary, equity in the company, and benefits that go beyond the basics to support your growth.

How the hiring process looks like

We believe in a fast, transparent, and engaging hiring experience that allows both you and us to determine if there's a great fit. Here’s what our process looks like:

• Step 1: People Interview (30 min)
  A conversation with a recruiter or hiring manager to get to know you, your experience, and what you're looking for. We’ll also share more about Addi, our culture, and the role.

• Step 2: Initial Interview (60 min)
  A more in-depth conversation with our Engineering Manager, where we explore your skills, experience, and problem-solving approach. We want to understand how you think and work.

• Step 5: Deep Dive Interview (60 min)
  You'll meet future colleagues and cross-functional team members to get a feel for how we work together. We’re looking for strong contributors and cultural fits, so bring your questions, too!

• Step 5: Co-Founder Interview
  If there’s a strong match, you’ll have a final conversation with our Founder to align on expectations, cultural fit and ensure mutual excitement. From there, we’ll move quickly to an offer and discuss next steps.

We value efficiency and respect for your time, so we aim to complete the process as quickly as possible. Our goal is to make this experience insightful and exciting for you, just as much as it is for us. Regardless of the outcome, we are committed to always providing feedback, ensuring that you walk away with valuable insights from your experience with us.