opengreenhousehardyaka
Senior Security Operations Engineer
Bitso
LocationMéxico
Last observed2026-06-13 05:23:27.326934
Job idhardyaka-bitso:greenhouse:7655700003
Working At Bitso We are a diverse team that takes pride in understanding the perspectives of others. We fully embrace working remotely and we are eager to act, improve and accelerate progress inside and outside of our organization. To drive revolutionary changes in society and make crypto useful, we delight our customers with world-class products, deep care, and intentional empathy. Your Purpose The Senior Security Engineer is a versatile member of the Security Operations team who brings deep expertise in vulnerability management while actively contributing across the full scope of security operations. You will own the vulnerability management function, but your involvement doesn’t stop there. You are expected to operate as a well-rounded security professional who supports the team across multiple disciplines, including: Vulnerability Management Cyber Incident Management Threat Intelligence and Threat Hunting Security Assessments and Tool Evaluations Regulatory Compliance and Audit Support This is a hands-on, execution-focused role within the Security Operations team. The ideal candidate owns the vulnerability management function with discipline and rigor, while consistently contributing to incident response, threat analysis, compliance support, and other operational priorities as they arise. This role requires a senior security professional who operates with a generalist mindset, brings expertise in vulnerability management, and is capable of mentoring junior team members and driving strategic improvements to the security program. Reports To Security Operations Lead Who You Are Experience : 5+ years of technical experience in security operations, with strong hands-on experience in vulnerability management. You’ve worked in a SOC, CSIRT, or similar operational security environment where you wore multiple hats and operated with a high degree of autonomy. Ops Mindset : You possess a strong sense of urgency and ownership. You don’t wait to be told what to do, you see gaps and fill them. You are willing to participate in a scheduled on-call rotation to effectively address and mitigate critical security incidents outside of business hours. Technical Proficiency: Hands-on experience with enterprise vulnerability scanning platforms (Qualys, Tenable, Rapid7, or equivalent). Strong understanding of risk-based vulnerability prioritization beyond CVSS factoring in exploit availability, threat intelligence, asset exposure, and business context. Experience investigating security alerts using EDRs and SIEM platforms. Familiarity with endpoint security policies, secure email gateways, and DLP concepts. Ability to produce clear, data-driven reporting for technical and executive audiences. Experience working with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible, including the ability to review and secure infrastructure configurations. Cloud Native : Experience working within cloud environments, preferably AWS, with an understanding of cloud-native vulnerability considerations including containers and serverless. Automation & Scripting : Experience with Python, Bash, or similar scripting languages to automate workflows, reporting, and integration with ticketing systems. Experience leveraging AI/ML tools to improve operational efficiency is a plus. Regulatory & Compliance : Experience supporting regulatory compliance audits and working within frameworks relevant to the Mexican financial regulatory landscape (CNBV, Ley Fintech). Ability to interface with auditors, prepare evidence, and ensure security controls meet local compliance requirements. Adaptability : You are comfortable operating outside your primary domain. When the team needs support on an incident, a compliance audit, a threat intel deep-dive, or a security assessment, you lean in without hesitation. Bilingual Communication : Required full professional fluency in English and Spanish. You must be able to translate technical findings into actionable guid
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.