Devsecops engineer, technical referent

Join dLocal's IT Cloud Platform Services to strengthen identity, access, and endpoint security across our multi‐cloud environment. You'll design and govern role models, lead SSO and IAM integrations for AWS, GCP, and Microsoft Entra ID, and drive secure‐by‐default automation that reduces manual work and errors. You'll collaborate daily with DevOps, Networking, Security, and Service Desk to standardize controls and improve developer productivity. You'll also leverage AI tools to accelerate analysis, policy design, and continuous improvements, informed by our enterprise access matrix.

• Define and maintain the enterprise role model (RBAC/ABAC), ownership, and approval flows; align designs and reviews with the access matrix.
• Lead SSO and identity integrations (SAML/OIDC, SCIM, MFA) on Microsoft Entra ID; standardize application onboarding and lifecycle.
• Administer AWS IAM and GCP IAM at org/account/project levels (SCPs/org policies, permission boundaries, service accounts, workload identity), enforcing least privilege and SoD.
• Build automation for provisioning, deprovisioning, and periodic access reviews using IaC/PaC; integrate JIT/PAM workflows (e.g., Apono).
• Strengthen endpoint and device posture with Jamf and Intune (baselines, compliance, conditional access signals) tied to identity controls.
• Implement guardrails and continuous controls (audit trails, logging, anomaly detection for access usage) with clear remediation playbooks.
• Identify, prioritize, and deliver automation opportunities that remove manual access tasks, reduce escalations, and increase audit readiness.
• Use AI tools to analyze access patterns, suggest policy improvements, and speed up documentation and evidence gathering, safely and with governance.
• Partner with DevOps, Networking, Security, and Service Desk on scalable workflows, incident resolution, and user experience improvements.
• Document architectures, runbooks, and SOPs; support audits and risk assessments with clear evidence and metrics.
• Implement and review application permissions in Amazon EKS (Kubernetes RBAC, service accounts, IRSA) to enforce least privilege and SoD.

• Strong security engineering across IAM/SSO/PAM, role modeling (RBAC/ABAC), least privilege, and SoD.
• Public cloud expertise: AWS and GCP IAM; Microsoft Entra ID; SAML/OIDC, SCIM; tools such as Apono, Jamf, and Intune.
• Automation mindset: infrastructure-as-code and policy-as-code (Terraform/Pulumi/Ansible) and scripting (Python/Bash).
• Audit and compliance experience: PCI DSS, SOX, and ISO 27001 (planning, evidence collection, remediation follow‐up).
• Proven ability to identify and deliver security automations that reduce manual access tasks and audit effort.
• Effective collaboration with DevOps, Networking, Security, and Service Desk; clear stakeholder communication.

Besides the tailored benefits we have for each country, dLocal will help you thrive and go that extra mile by offering you:

- Flexibility: we have flexible schedules and we are driven by performance.

- Fintech industry: work in a dynamic and ever‐evolving environment, with plenty to build and boost your creativity.

- Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded.

- Social budget: you'll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections!

- dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We've got your back!

We focus on impact and productivity over fixed hours. xqysrnh This means our teams have flexible schedules and, depending on your role and location, you will combine self‐managed focus time with moments of in‐person connection in our collaboration hubs.