Lead Security Engineer
ARQ (formerly DolarApp) is a modern finance app that gives travelers, investors, and professionals access to global assets and currencies. It offers digital dollars and euros at real market rates, a borderless cashback card, international payments, and investment access to stocks and ETFs.
Funding
Projects
About ARQ
ARQ, rebranded from DolarApp, is a fintech platform aimed at making global finance accessible to travelers, investors, and professionals, primarily serving users in Mexico and Latin America. Its core offerings include converting local currency into digital dollars (USDc) and digital euros (EURc) at real market exchange rates without hidden fees, a global card offering competitive conversion rates and cashback for spending at home or abroad, and the ability to receive and send international payments (from the US and Europe) using personal account details instead of traditional remittance services. The platform also provides earnings accounts and access to leading global stocks and ETFs so users can invest and grow their wealth across markets. ARQ states it serves over 2 million people worldwide who manage their finances through the app, with app store ratings of 4.7/5 and 4.6/5.
Skills
About the Role
You will set the technical direction for detection engineering, alert pipelines, and automated response across the security stack, raising the bar on how the team designs and reviews detections. You will own incident response readiness at a program level, designing IR playbooks, leading tabletop exercises, and acting as technical lead during major incidents. You will define the DLP and data protection strategy across Google Workspace, Slack, and internal tooling, guiding the team executing it. You will set the standard for cloud security assessments across AWS and Kubernetes, reviewing findings from other engineers and tackling the most complex environments yourself. You will drive the application security roadmap, including threat modelling standards, secure code review practices, API security testing strategy, and security pipeline architecture. You will define the company's approach to securing AI/agentic workflows, setting guardrails for prompts, destructive actions, and data exposure, and advising other teams building with LLMs/MCP servers. You will own the vendor security assessment framework, continuously improving the due diligence process and handling the highest-risk vendor reviews. You will act as a technical mentor to mid and senior engineers, reviewing their detection logic, assessments, and playbooks without formal management responsibilities.
Requirements
- 7+ years in information security, including demonstrated experience building or substantially maturing a security function or program from the ground up
- 2+ years at a regulated fintech/bank/payment company
- Deep, hands-on expertise in cloud infrastructure security (AWS, Kubernetes), able to architect controls
- Strong detection engineering background
- Proven experience driving application security programs: threat modelling frameworks, secure code review standards, CI/CD pipeline hardening, and API security testing strategy
- Deep experience with endpoint security tooling (EDR/XDR) and identity & access management architecture in a SaaS-heavy environment (Google Workspace, Okta/Cloudflare Access, SSO/SCIM)
- Demonstrated ability to define practical security guardrails for AI/agentic tooling
- Experience designing or significantly evolving a vendor security assessment/third-party due diligence program
- Excellent written and verbal communication
- Business fluent in English
Responsibilities
- Set the technical direction for detection engineering, alert pipelines, and automated response across the security stack
- Raise the bar on how the team designs and reviews detections
- Own incident response readiness at a program level
- Design IR playbooks
- Lead tabletop exercises
- Act as technical lead during major incidents
- Define DLP and data protection strategy across Google Workspace, Slack, and internal tooling
- Guide the team executing the DLP strategy
- Set the standard and approach for cloud security assessments across AWS and Kubernetes
- Review findings from other engineers
- Tackle the most complex security environments directly
- Drive the application security roadmap
- Set threat modelling standards
- Define secure code review practices
- Define API security testing strategy
- Architect security pipeline
- Define the company's approach to securing AI/agentic workflows
- Set guardrails for prompts, destructive actions, and data exposure
- Advise other teams building with LLMs/MCP servers
- Own the vendor security assessment framework
- Improve the due diligence process
- Handle the highest-risk vendor reviews
- Act as a technical mentor to mid and senior engineers
- Review detection logic, assessments, and playbooks of other engineers
Benefits
- Stock options
- Discretionary performance bonus
- The latest tools and technology
