
Security Analyst
Posted Jun 4

This is a fully remote position, open to applicants in Mexico.
• Utilize industry-leading tools to identify vulnerabilities within applications and infrastructure.
• Manage and execute DAST, SAST, and software composition analysis (SCA) activities.
• Evaluate vulnerability scan results, confirm findings, minimize false positives, and prioritize risks.
• Collaborate closely with development teams to assess detected vulnerabilities and provide clear, actionable remediation suggestions.
• Monitor vulnerabilities through the remediation process and confirm the effectiveness of fixes.
• Serve as a trusted AppSec consultant for engineering and product teams.
• Apply knowledge of the OWASP Top 10 and common web application and API attack techniques.
• Promote secure development practices, conduct threat modeling, and participate in design reviews.
• Contribute to guidelines, patterns, and best practices for secure coding.
• Utilize AI-powered tools (such as Copilot-style tooling and AI-assisted scanners).
• Identify opportunities to automate repetitive security tasks and workflows.
• Lead and assist in security testing for AI and LLM-driven features across the organization.
• Assess and evaluate risks highlighted in the OWASP Top 10 for LLM Applications.
• Over 5 years of experience in Application Security, Product Security, or Vulnerability Management.
• Familiarity with cloud platforms such as AWS, Azure, and OCI, along with CSPM tools (e.g., WIZ).
• Strong practical experience with DAST and SAST tools, as well as Web Application and API Security Testing.
• Comprehensive understanding of the OWASP Top 10 and Secure SDLC principles.
• Exceptional documentation and communication skills, both verbal and written.
• Strong analytical problem-solving abilities and knowledge of application security architecture.
• Experience collaborating directly with software development teams on remediation efforts.
• Solid grasp of modern application architectures including REST APIs, microservices, and cloud technologies.
• Awareness of the OWASP Top 10 as it pertains to LLMs.
• Flexible work arrangements.
• Opportunities for professional development.
OneSeven Tech (OST)