Security Analyst

Summary

Join Experian's Employer Services, Verifications, and Housing (EVH) team as a Security Analyst! This remote, permanent position in Costa Rica focuses on managing application and infrastructure risks and vulnerabilities within a cloud-first environment. You will play a critical role in safeguarding Experian's IT systems, ensuring compliance with security frameworks. Responsibilities include risk management, compliance and audit functions, vulnerability management, security operations and monitoring, promoting security best practices, utilizing security technology and automation, and collaborating and reporting. The ideal candidate possesses strong security expertise, experience with various security tools and frameworks, and excellent communication skills. Experian offers a comprehensive benefits package.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)
• Understanding of cloud platforms (AWS, Azure) and cloud security best practices
• Experience with vulnerability scanning and assessment tools for applications and infrastructure
• Familiarity with security frameworks and compliance standards (NIST, ISO 27001, SOC 2, CIS Benchmarks)
• Proficiency in security testing, penetration testing, and vulnerability analysis
• Knowledge of security monitoring tools, intrusion detection systems, and SIEM solutions
• Ability to assess security risks, prioritize vulnerabilities, and recommend remediations
• Experience conducting security audits and control evaluations
• Strong problem-solving skills and ability to work collaboratively in cross-functional teams
• Effective written and verbal communication skills for both technical and non-technical audiences

Responsibilities

• Identify, assess, and mitigate security risks related to IT applications and infrastructure
• Develop and implement risk management frameworks to ensure continuous monitoring and improvement of security postures
• Work with stakeholders to define and implement security policies and guidelines aligned with risk tolerance
• Facilitate risk assessments and security reviews across business units and IT environments
• Evaluate IT applications and infrastructure against security control frameworks (e.g., NIST, ISO 27001, CIS, SOC 2)
• Conduct internal security audits to assess compliance with corporate security policies and regulatory requirements
• Identify gaps in security controls, document findings, and support remediation planning
• Maintain documentation and evidence for security audits and regulatory assessments
• Collaborate with teams to analyze, categorize, and prioritize vulnerabilities based on severity, potential impact, and likelihood of exploitation
• Track vulnerability remediation efforts and ensure timely patching and risk mitigation
• Conduct regular security assessments of applications, APIs, cloud infrastructure
• Monitor security tools and analyze logs for signs of suspicious activity, vulnerabilities, or policy violations
• Assist with security incident response, forensic analysis, and remediation plans
• Engage with internal and external stakeholders, including Experian’s Cyber Fusion team, to enhance security posture
• Act as a Security Champion, training and mentoring teams on security best practices, secure coding, and compliance
• Assist in tracking and improving security control effectiveness across business units
• Promote a culture of security awareness through training and engagement programs
• Support the integration of security tools into CI/CD pipelines to enable automated security testing
• Utilize security tooling (SAST/SCA/DAST/CSPM/DSPM) to evaluate and improve security posture
• Enhance API security practices and application security testing methodologies
• Work cross-functionally to drive security improvements
• Generate reports for management on vulnerability status, security incidents, and audit findings
• Ensure alignment of security initiatives with business objectives and risk tolerance

Preferred Qualifications

Industry certifications such as CISSP, CISM, CEH, CCSP, or CISA

Benefits

• Medical, life and dental insurance
• Asociacion Solidarista
• International Share Save Plan
• Flex Work/Work from home
• Paid time off
• Annual Performance Bonus
• Education Reimbursement
• Family Bonding
• Bereavement Leave
• Referral Program