Senior Security Operations Engineer
Bitso is a Latin America-focused cryptocurrency platform that allows users to invest, trade, and make borderless payments. It provides a suite of tools for buying, selling, and earning crypto, alongside a blockchain-based payments platform for businesses to facilitate secure and efficient cross-border transactions. Bitso also supports the ecosystem's growth through its stablecoin startup accelerator program, 'The Push'.
Projects
About Bitso
Bitso is a comprehensive cryptocurrency platform serving over 9 million users and 1,900 B2B clients. For individuals, it offers tools for investing, portfolio tracking, automated trading, and earning yields on digital assets, with an advanced trading app, Bitso Alpha. For businesses, Bitso provides a financial services platform using blockchain technology to streamline cross-border and local payments, offering instant settlements and 24/7 availability through a single API. The company prioritizes security and regulatory compliance, holding local licenses in Mexico, Brazil, and Argentina, and an international certification from the Gibraltar Financial Services Commission (GFSC). Demonstrating its commitment to innovation, Bitso has also launched 'The Push,' a stablecoin accelerator program to fund and support emerging startups in Latin America.
Skills
About the Role
You will be a versatile member of the Security Operations team, bringing deep expertise in vulnerability management while actively contributing across the full scope of security operations. You will own the vulnerability management function end-to-end and also support incident management, threat intelligence, security assessments, and regulatory compliance efforts. This is a hands-on, execution-focused role that requires you to operate with a generalist mindset, mentor junior team members, and drive strategic improvements to the security program. You will participate in a scheduled on-call rotation to address critical security incidents outside of business hours.
Requirements
- 5+ years of technical experience in security operations, with strong hands-on experience in vulnerability management
- Experience working in a SOC, CSIRT, or similar operational security environment with high autonomy
- Willingness to participate in a scheduled on-call rotation
- Hands-on experience with enterprise vulnerability scanning platforms (Qualys, Tenable, Rapid7, or equivalent)
- Strong understanding of risk-based vulnerability prioritization beyond CVSS
- Experience investigating security alerts using EDRs and SIEM platforms
- Familiarity with endpoint security policies, secure email gateways, and DLP concepts
- Ability to produce clear, data-driven reporting for technical and executive audiences
- Experience working with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible
- Experience working within cloud environments, preferably AWS, including containers and serverless
- Experience with Python, Bash, or similar scripting languages to automate workflows and reporting
- Experience supporting regulatory compliance audits and working within frameworks relevant to Mexican financial regulations (CNBV, Ley Fintech)
- Full professional fluency in English and Spanish
- Defensive security certifications (GCIH, GEVA) are a plus
- Offensive security certifications (OSCP, GPEN, GXPN) are a strong plus
Responsibilities
- Own and operate the end-to-end vulnerability management lifecycle: discovery, scanning, prioritization, remediation tracking, and verification
- Prioritize vulnerabilities using a risk-based approach that accounts for exploitability, threat intelligence, asset criticality, and business impact
- Produce recurring vulnerability posture reports and trend analysis for stakeholders
- Serve as a technical investigator for complex security alerts and support the investigation, containment, and remediation of security incidents
- Participate in the on-call rotation to ensure coverage for critical alerts
- Consume threat intelligence feeds and proactively hunt for Indicators of Compromise (IOCs) in the environment
- Develop and integrate detection use cases for business applications, ensuring the right data is logged
- Support regulatory compliance audits, including preparation of evidence and documentation aligned with Mexican financial regulatory requirements
- Mentor and support junior team members, contributing to knowledge sharing and growth of the security team
Benefits
- Me Time program, including unlimited paid time off
- Remote-first work environment
- Employee Stock Option program
- Zero trading fees through Bitso Alpha app
- Extended Family Leave Policy with 4-months leave for birthing, non-birthing and adopting parents
- Premium health, dental and life insurance
