Your Purpose

As a Security Engineer, your primary focus will be to ensure the integrity and security of our operations, particularly in the context of SPEI and related financial systems. You will be responsible for managing and maintaining security tools, ensuring their continuous effectiveness and alignment with organizational objectives. Your role will include identifying, evaluating, and remediating security vulnerabilities, as well as contributing to the implementation and maintenance of ISO 27001 standards.

In addition, you will play a key role in incident response, addressing security events promptly to mitigate risks and ensure business continuity. You will collaborate with a dynamic team to develop and execute strategies to protect critical assets and maintain a strong security posture. Your expertise will be instrumental in improving processes and policies, ensuring compliance with regulatory requirements, and fostering a proactive security culture throughout the organization.

Reports To

Security Operations Lead

Who You Are

• Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
• Experienced with vulnerability assessment tools such as Nessus, Qualys, and Rapid7.
• Skilled in analyzing security vulnerabilities, assessing risks, and developing effective mitigation strategies.
• Experience in leveraging AWS for vulnerability management, utilizing services like AWS Inspector.
• Proficient in scripting languages such as Python and Bash, as well as Infrastructure as Code (IaC) tools for automation and integration tasks.
• Familiarity with security standards and compliance requirements (e.g., GDPR, ISO27001, NIST).
• Excellent problem-solving and analytical skills.
• Effective communication and collaboration skills, with a proven track record of successfully working in cross-functional teams to oversee the lifecycle of vulnerabilities across the organization.
• Ability to work autonomously, taking initiative and ownership of projects with minimal supervision, while being accountable and self-driven.

Nice to have

• Experience working with Mexican regulatory bodies such as CNBV and the Bank of Mexico.
• Familiarity with the Mexican Fintech Law and its implications for infrastructure and security compliance.
• Knowledge of the SPEI system, including its integration, security requirements, and operational processes.

What You Will Do

• Analyze and interpret vulnerability scan results, providing detailed reports and actionable recommendations.
• Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities.
• Develop and maintain security policies, procedures, and documentation to ensure consistent and effective security practices.
• Monitor and respond to security incidents, ensuring timely resolution and thorough documentation.
• Stay current with the latest security trends, vulnerabilities, and industry best practices to continuously improve the security posture.
• Develop and maintain metrics to measure and report on the effectiveness of the vulnerability management program.
• As part of the Security Operations team, you’ll be part of the Cyber Incident Management team which also includes on-call rotations.

Research in Diversity, Equity, and Inclusion suggests that individuals may hesitate to apply for jobs if they do not meet all the listed criteria. At Bitso, we value diversity and your unique strengths could be just what we're looking for. If this role excites you but you don't match every point in the description, we still want to hear from you.

#LI-Remote