Role Description Félix is looking for a Senior Application Security Engineer to help scale the security of our software development lifecycle in a fast-growing, cloud-native fintech platform. This is a hands-on role focused on embedding security across CI/CD pipelines and developer workflows. You will work closely with SecOps and engineering teams to ensure that security controls are integrated early in the development process, enabling teams to ship secure code quickly and confidently. Your mission is to ensure that application security is consistently integrated into Félix’s SDLC, strengthening our overall security posture while supporting rapid product development. Responsibilities - Build and Automate Secure CI/CD Pipelines: Design, implement, and maintain security controls within our GitHub Actions CI/CD pipelines. - Drive Vulnerability Management: Take ownership of our vulnerability management program using platforms like DefectDojo. - Champion Secure Development: Act as a security subject matter expert for our product engineering teams. - Coordinate Security Assessments: Manage and support internal and external penetration testing engagements. - Develop Security Standards: Help define and document foundational security requirements for source code management. - Support Compliance Initiatives: Partner with our GRC function to implement necessary application security controls. Qualifications - Proven experience as an Application Security Engineer, Product Security Engineer, or in a similar role. - Hands-on experience building, securing, and operating CI/CD pipelines, preferably with GitHub Actions. - Strong proficiency with security scanning tools (e.g., SAST, DAST, SCA, secret scanning). - Proficiency in a scripting or programming language, with a strong preference for Python. - Deep understanding of web application vulnerabilities, secure architecture principles, and the OWASP Top 10. - Experience working with cloud-native technologies and environments (GCP, Kubernetes/GKE, Docker). - Experience in a regulated industry (Fintech, Healthcare, etc.) and familiarity with compliance frameworks like SOC 2 and PCI DSS. - Experience with Infrastructure-as-Code tools like Terraform and related security scanners (e.g., Checkov). - Familiarity with vulnerability management platforms like DefectDojo. Requirements - These are the applicable requisites, although equivalent competencies in any of the above will also be considered. Benefits - Competitive salary - Initial stock options grant - Annual performance bonus - Health, dental, and vision plans - Remote work environment, although we have offices in Miami and México City. - Continuous learning opportunities - Unlimited PTO - Paid parental leave - Empowering opportunities for growth in a dynamic entrepreneurial environment Equal Opportunity Employer At Félix, we are committed to providing equal employment opportunities to all qualified employees and applicants without regard to race, religion, nationality, sex, sexual orientation, gender identity, age, or disability.

• Develop understanding of regulated industry compliance requirements as they apply to Snowflake. • Establish programs to manage Snowflake’s compliance posture with those regulations, including ensuring readiness, how we communicate that posture externally, and leading customer or regulator audits of the same. • Become an expert on Snowflake’s control environment, security features and best practices for customer deployment. • Respond to customer inquiries about Snowflake’s security and compliance obligations and lean into how we can enable customers and field personnel to increasingly self-serve. • Become a trusted advisor, facilitator and respond to customer and regulatory inquiries about Snowflake’s security and compliance obligations and documentation. • Participate in sales calls to discuss Snowflake's security and compliance capabilities.

• Manage and conduct advisory assignments in the field of cybersecurity and compliance • Guide and conduct evaluations based on recognized control frameworks or specific frameworks used by Bureau Veritas Cybersecurity • Assist organizations in implementing ISMS and CSMS in accordance with relevant standards • Actively contribute to the development of knowledge and services • Support key clients with coordination across multiple stakeholders

• Lead and automate the ISO 27001 ISMS: full ownership of the ISO 27001 program integrated into the QMS — controls, risk register, policies, internal audits, corrective actions. Design and improve automation workflows (Notion, AI agents, reporting) to remain continuously audit-ready • ISMS / medical device cybersecurity interface: Ensure alignment between the ISMS and QMS, support medical device cybersecurity requirements (IEC 81001-5-1, IEC 62443, SBOM, MDR Annex I §17) in partnership with the QARA team, contribute to technical files and audits on security aspects, support the DiGA gap assessment (BSI TR-03161) on security, monitor FDA cybersecurity guidance • Prepare for new regulatory frameworks: Anticipate and translate NIS2, HIPAA, SOC 2 requirements into pragmatic controls and concrete deliverables