Senior Security Engineer
Baubap
About Baubap
We are a fast-growing, Mexican fintech startup with the mission to become the bridge to people’s financial freedom through technology.
We are providing microloans to people in financial need through a fast and efficient process, always treating them with the respect and dignity they deserve.
Our long-term vision is to be the most inclusive digital bank in LATAM with more than 2.5 million clients.
About your role
As a Security Engineer, your role will be crucial to our organization's security posture. You'll lead the way in developing and implementing robust, cutting-edge security protocols and systems. You'll ensure our products and processes meet the latest IT security standards and best practices, including CIS-18, ITIL4, and DevSecOps, to safeguard our growing client base and our credit portfolio.
Objectives
- Design and Implement Robust Security Architecture: Develop and implement systems that can effectively defend against threats. These systems should incorporate the latest security protocols and tools.
- Conduct Regular System Testing: Regularly perform system testing to ensure the effectiveness of security measures. This can include penetration testing, vulnerability assessments, and security audits.
- Maintain Awareness of Latest Security Threats and Developments: Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and trends. This information should guide the update and refinement of the organization's security systems.
- Incident Response and Recovery: Develop and implement procedures for responding to security incidents and for restoring operations in the event of an attack or disaster. This includes creating a detailed incident response plan.
- Promote Security Best Practices: Encourage a culture of security consciousness within the organization. This can involve developing and delivering training sessions to educate staff on security best practices and potential risks.
- Compliance and Governance: Ensure that all security policies, procedures, and systems are in compliance with relevant laws, regulations, and standards. This might involve regular audits and documentation.
- Evaluation and Recommendation of Security Tools: Continually assess and recommend security tools, technologies, and processes that will enhance the organization's security posture.
Responsibilities
- System Design and Implementation: Develop and execute robust security infrastructures to safeguard the organization from cyber threats.
- Security Monitoring: Oversee security access and conduct assessments to identify potential vulnerabilities.
- Incident Management: Lead the response to security breaches and coordinate recovery actions.
- Security Training and Policies: Develop and enforce security policies, conduct employee training, and foster a security-conscious culture.
- Technology Evaluation: Assess and recommend security products to strengthen the organization's defenses.
- Collaboration: Work with different departments to incorporate security practices into daily operations.
- Compliance Management: Ensure the organization adheres to industry regulations for data privacy and security.
- CIS SecureSuite Certification: Guide the organization towards achieving the CIS SecureSuite Certification by implementing the CIS Controls and Benchmarks, thereby ensuring best practices in security are met.
What You Bring to the Team
- Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent experience.
- 7+ years of experience in IT security, with a proven track record of leading security projects and teams.
- Recognized certifications in cybersecurity, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP).
Desirable Skills
- In-depth knowledge and certification in DevOps and DevSecOps practices and tools, such as Certified Kubernetes Administrator (CKA), AWS Certified DevOps Engineer, or Jenkins Certified Engineer.
- Certification in IT Service Management (ITSM) or ITIL.
Your skills
- Clear and Transparent Communication. You can articulate your thoughts clearly and concisely, and you can make technical topics understandable to non-technical stakeholders.
- Relentless Resourcefulness. You are solution-focused, and known for your creativity and resourcefulness when facing challenges.
- Sense of Urgency. You possess a proactive approach, always pushing forward to achieve desired outcomes.
- Flexibility and Resilience. You maintain your composure and focus amidst changes, adapting swiftly when necessary.
- Self-Driven and Committed. You are motivated and committed to ensuring the success of your team and the business.
- Strategic Thinking. You use data to inform decisions, understanding the deeper implications of certain strategic choices.
- Critical / Analytical Thinking. You can analyze complex issues, identify their root causes, and propose clear, logical action plans.
- Team Player. You understand the importance of collaboration and fostering a positive team culture.
- A significant role in a multinational, highly driven team of professionals.
- A flexible and remote working environment.
- High level of ownership and independence.
- 25 vacation days / year + 75% holiday bonus.
- 1 month (proportional) of Christmas bonus.
- "Vales de despensa" - 3,912 MXN / month.
- Health & Life insurance.
- Home office set-up budget.
- Unlimited budget for Kindle books.
- Baubap Free Loan.
- A competitive salary.