About Us and the Role:

Founded in 1987, GFT today has more than 10,000 experts around the world and is present in more than 15 markets to ensure customer proximity. With new operations from Asia to America, we continue on the path of growth on a global scale. Since 10 years ago from Costa Rica we managed North-American clients from Financial, Industry and Insurance fields.

As a Security Operations Analyst at the Application area you will play a critical role in safeguarding the integrity and resilience of modern cloud-based infrastructure. Tasked with identifying, assessing, and mitigating vulnerabilities, the analyst employs their expertise to proactively monitor the technology landscape for potential security risks. Through comprehensive vulnerability assessments and continuous monitoring, they collaborate with cross-functional teams to prioritize remediation efforts, ensuring timely resolution of identified weaknesses. Leveraging their in-depth knowledge of cloud technologies and security best practices, the analyst fortifies the organization’s technology platforms by implementing robust vulnerability management strategies, thereby contributing to a secure and high-performance cloud-first environment.

 

A Day in this Role:

• Working in conjunction with application, platform, and product development teams, regularly review, analyze, and manage vulnerability assessment results to identify potential security weaknesses in cloud infrastructure and applications.
• Collaborate with cross-functional teams to prioritize and categorize vulnerabilities based on severity, potential impact, and likelihood of exploitation.
• Analyze security findings from various sources, such as security tools, penetration tests, to identify trends and patterns.
• Manage and drive vulnerability tracking and timelines for remediation.
• Work closely with DevSecOps, IT and platform teams to ensure timely patching, configuration changes, and updates to address identified vulnerabilities.
• Stay up to date with the latest security threats, vulnerabilities, and mitigation strategies in cloud technologies, and translate this knowledge into actionable insights.
• Collaborate with third-party vendors, client cyber fusion team, and internal stakeholders to address vulnerabilities and verify successful remediation.
• Provide regular reports and updates to management regarding the organization’s vulnerability posture, ongoing remediation efforts, and improvements made to the vulnerability management program.
• Manage and track completion of security training and awareness programs for business unit.
• Assist with tracking and remediating control gaps.
• Drive efforts to ensure consistency of controls across the business unit.
• Build relationships with key stakeholders across the organization to track and manage risk. 
• Mentor teammates on processes, best practices, prioritization, and issue resolution as per client policies, standards, and technical service baselines.
• Flexibility to be a utility player where needed as this business evolves.
• Other duties as requested.  

 

The Expertise Requested:

• Bachelor’s degree in computer science, information technology, cybersecurity, or a related field or demonstrated equivalent experience.
• Have or willingness to achieve industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), and Certified Cloud Security Professional (CCSP).
• Knowledge of major cloud platforms such as AWS, Azure, including experience with cloud security services and configuration management.
• Some experience using scripting languages (e.g., Python, Bash) with a focus on automating security controls.
• Familiarity with container security best practices, orchestration platforms (e.g., Kubernetes), container runtime security, and related tools (e.g., container scanning tools).
• Some experience or familiarity with vulnerability scanning and assessment tools for cloud, containers, and big data systems, and the ability to interpret and prioritize the results.
• Understanding of security principles, best practices, and common vulnerabilities in cloud environments, big data systems, and container technologies (e.g., Kubernetes, Docker)
• Understanding of basic security testing methods and technologies, including penetration testing, web application security assessments, vulnerability assessments, etc
• Understanding of security monitoring tools, intrusion detection systems, and the ability to analyze logs to detect and respond to security incidents.
• Skills to assess and prioritize vulnerabilities based on risk factors, business impact, and industry standards.
• Strong analytical and problem-solving skills to identify root causes of vulnerabilities and work collaboratively with teams to remediate them.
• Effective communication skills, both written and verbal, to interact with technical and non-technical stakeholders, present findings, and provide security recommendations.
• The ability to stay current with evolving cloud, big data, and container security trends, and adapt to new technologies and emerging threats.
• Agile project management skills to manage vulnerability assessments, remediation efforts, and ongoing security initiatives.
• Collaborative attitude, willingness to work in cross-functional teams, and a commitment to a culture of security within the organization.