Job Description:

Location: Anywhere in Mexico (WFH/Remote)

Applications from persons not living in Mexico will NOT be accepted.

The Vulnerability Analyst is an advanced, hands-on practitioner and representative of the Information Security Team. The individual in this role is expected to have a general understanding of many different systems and applications across the company. The individual will understand applications, operating systems, networking, cloud infrastructure and emerging threats. Working closely as a handson practitioner with IT infrastructure, application developers and security operations, the analyst will collaborate to remediate vulnerabilities and the attack surface. The role is highly technical, and the individual is expected to have a diverse understanding of cybersecurity principles, enterprise systems and business process dependencies. Long-term success requires staying up to date with the evolving threat landscape and potential impact on advanced technologies, as well as legacy systems and applications.

The successful Vulnerability Analyst takes an active lead to inform, advise, and partner with technology leadership and business units to secure the company.

The analyst will regularly report on the state of vulnerabilities including criticality, exploit probability, business impact and remediation to security and IT leadership. This includes all company digital assets that may have weaknesses to allow internal or external threat actors to potentially exploit, which may lead to a breach. The ability to collaborate with multiple teams and take a pragmatic approach, while at the same time possessing a sense of urgency when needed, is essential. The Vulnerability Analyst will support strategic initiatives driven from information security and IT leadership for short- and long-term plans to identify and reduce the attack surface across applications and systems. Individuals will support tactical change focused on automation, innovation, and operational efficiencies to detect and remediate weaknesses in the enterprise.

Essential Job Duties

• Support ITs responsibility to remediate system and application vulnerabilities.
• Monitor for vulnerabilities within applications, endpoints, databases, networking, mobile
• services, cloud services, and third-party assets.
• Work closely with technical and non-technical system owners to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them.
• Provide vulnerability education and guidance to stakeholder to prevent new offerings from being at risk of misconfiguration, compromise, or information leakage.
• Supervise testing and validation vulnerability remediation and controls.
• Conduct continuous discovery, vulnerability assessment and remediation status of enterprisewide assets.
• Prioritize vulnerability remediation based on criticality, exploit probability, rating, and business
• risk exposure.
• Document, prioritize, recommend, validate, and report on the state of vulnerabilities.
• Automate asset inventory and vulnerability discovery and reporting.
• Communicate vulnerability results in a manner understood by technical and non-technical staff based on risk tolerance and threat to the business.
• Procure and maintain tools and scripts used in asset discovery and vulnerability status.
• Leverage vulnerability database sources to understand each weakness, its probability, and remediation options, including vendor-supplied fixes and workarounds.
• Collaborate with IT & security groups to form a holistic team dedicated to reducing attack
• surface.
• Guide application development teams to continuously improve security practices and
• outcomes.
• Liaise with the security operations team to improve monitoring and response workflow.
• Assist with change management operations to ensure vulnerabilities are not introduced.
• Define key performance indicators and metrics to illustrate efficacy with vulnerability
• management.
• Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness.
• Remain current with emerging threats and share knowledge with colleagues to improve security posture.
• Work as a team to consistently learn and share advanced skills and foster team excellence.
• Maintain documentation related to vulnerability policies and procedures.
• Serve as a point of contact for new and existing vulnerability-related issues.

Skills and Experience

• 5-7+ years information security administration, vulnerability management, security operations, or IT project/program management.
• Proficient with commercial and open source vulnerability management solutions.
• Experience stabilizing systems to run minimal application requirements, least privilege, and additional host hardening.
• Understanding of networking protocols and devices.
• Advanced knowledge of operating systems, applications, infrastructure, and cloud computing services.
• Preferably some experience with vulnerability management across cloud environments such as Microsoft Azure, Amazon Web Services, or Google Cloud Platform.
• Experience conducting organization-wide vulnerability scanning and remediation processes.
• Ability to influence technical and non-technical teams and collaborate to reduce attack surface.
• Capable of scripting in Python, Bash, Perl, or PowerShell preferred.
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.
• Capacity to comprehend complex technical infrastructure, managed services, and third-party dependencies.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Experience with one or more of the following frameworks a plus: NIST, ISO 27001, PCI DSS,
• HIPAA, HITECH, SOX, GDPR, CCPA, CIS, or SOC 2.
• Self-starter requiring minimal supervision.
• Analytical and problem-solving mindset.
• Highly organized and efficient.
• Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen.

Education Requirements

• Preferably higher education with a technical focus such as information security, IT, management information systems, or equivalent industry experience.

Certification Requirement

• CISSP, CRISC, GCED, GCCC, GPEN, GCIH, GCIA, GEVA, CND, ECIH, CSA, CEH, CySA+, or PMP preferred.

Salary Package:
MX$ 90,000.00 - 110,000.00 (Mexican Peso)