Full-Time Security Analyst – Risk, Apps & Infra

Experian Employer Services, Verifications, and Housing (EVH) seeks a Security Analyst to manage risks and vulnerabilities for applications and infrastructure in a cloud-first environment.

Key Responsibilities:

• Identify, assess, and mitigate security risks related to IT applications and infrastructure.
• Develop and implement risk management frameworks for continuous security posture improvement.
• Define and implement security policies and guidelines aligned with risk tolerance.
• Facilitate risk assessments and security reviews across business units and IT environments.
• Evaluate IT applications and infrastructure against security control frameworks (e.g., NIST, ISO 27001, CIS, SOC 2).
• Conduct internal security audits to assess compliance with corporate policies and regulatory requirements.
• Identify security control gaps, document findings, and support remediation planning.
• Maintain documentation and evidence for security audits and assessments.
• Analyze, categorize, and prioritize vulnerabilities based on severity, impact, and exploitation likelihood.
• Track vulnerability remediation efforts and ensure timely patching.
• Conduct regular security assessments of applications, APIs, and cloud infrastructure.
• Monitor security tools, analyze logs, and respond to suspicious activity, vulnerabilities, and policy violations.
• Assist with security incident response, forensic analysis, and remediation.
• Engage with internal and external stakeholders (including Experian's Cyber Fusion team) to enhance security posture.
• Train and mentor teams on security best practices, secure coding, and compliance.
• Assist in tracking and improving security control effectiveness across business units.
• Promote a culture of security awareness through training.
• Support integration of security tools into CI/CD pipelines for automated security testing.
• Utilize security tooling (SAST/SCA/DAST/CSPM/DSPM) to evaluate and improve security posture.
• Enhance API security practices and application security testing.
• Work cross-functionally to drive security improvements.
• Generate reports for management on vulnerability status, security incidents, and audit findings.
• Ensure alignment of security initiatives with business objectives and risk tolerance.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field.
• Industry certifications (e.g., CISSP, CISM, CEH, CCSP, CISA) are a plus.
• Understanding of cloud platforms (AWS, Azure) and cloud security best practices.
• Experience with vulnerability scanning and assessment tools.
• Familiarity with security frameworks and compliance standards (NIST, ISO 27001, SOC 2, CIS Benchmarks).
• Proficiency in security testing, penetration testing, and vulnerability analysis.
• Knowledge of security monitoring tools, intrusion detection systems, and SIEM solutions.
• Strong problem-solving and collaborative skills.
• Effective written and verbal communication skills.

Location: Remote, Costa Rica (Heredia)

Benefits: Medical, life, and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program.

What is the last date for applying to the job?

Which countries are accepted for this remote job?