Join the Popular Team!
Founded in 1893, Popular Inc. has been built upon strong institutional values while providing broad financial services within the United States, Puerto Rico, and the Caribbean.
We strive to create an extraordinary legacy with a passion for customer service, tremendous dedication to our employees, and strong partnerships in the communities where we reside. Come explore Popular – Our bottom line is you.
ISO Threat Intel & Analytics
The Analyst – Vulnerability Assessment role is part of the Threat Intelligence and Analytics program. Popular’s Threat Intelligence and Analytics team reduces cyber risk by uncovering vulnerabilities and weaknesses against a broad range of cyber threats in the enterprise technology environment (in-house and hosted by third parties) by conducting full-scope adversary simulation and developing strategies most effectively address the threats.
The Analyst – Vulnerability Assessment role works closely with information security team members to plan, coordinate, execute, and report sophisticated Threat Intelligence and Analytics data, collaborates to identify access and collection gaps that can be satisfied through the cyber collection and/or preparation activities, and leverages all authorized resources and analytic techniques to penetrate targeted networks.
In this position, you will:
- Conduct sophisticated full-scope adversary emulation operations against Popular and/or third-party service providers to identify and mitigate identified vulnerabilities
- Research, develop, and apply offensive procedures to simulate capabilities of common threat actors
- Provide subject matter expertise in offensive security for cyber defenders, remediation teams, and ITD teams
- Build, maintain, and continually improve attacking Infrastructure to support operations
- Apply applicable threat intelligence to simulate relevant threat actors
- Perform periodic vulnerability scans of networks to identify security vulnerabilities, provide remediation alternatives, and conduct security risk assessments to ensure compliance with corporate security policies and adherence to best practices
To be considered, you will need:
- Bachelor’s Degree in computer science, information assurance, MIS or related field, or equivalent work experience
- At least five years of experience in application security, software development, and related fields
- At least five years of experience with application security testing in a complex technology environment
- Two plus years of experience in offensive security tool development, including experience with scripting
- Experience managing teams, vendors and performing mobile platform penetration testing across widely used platforms (iOS and Android)
- Experience performing and managing network/host-based penetration testing
- Cloud Service penetration testing hands-on experience against hyperscale IAAS and PAAS cloud service providers (e.g., AWS, Azure, GCP, Salesforce)
- Red/Purple team operations
- Direct hands-on experience with threat modeling frameworks, attack vectors, and vulnerability analysis: CAPEC, ATT&CK, STRIDE
- Minimum: one (1) Base Certification, such as basic cloud certifications from OSCP, OSCE, GPEN, GXPN, and CRTO
- Preferred: Specialization Certifications, such as CISSP and CISM
Knowledge and Skills
- Advanced skillsets for application penetration testing and assessment tradecraft, and methodologies (including browser-based, API, thick client, and Mobile) utilizing COTS and/or custom toolsets
- Strong working knowledge of at least two programming or scripting languages
- Excellent verbal and written communication skills, including technical writing of assessment reports, presentations, and operating procedures
- Strong understanding of security principles, policies, and industry best practices
- Good understanding of various security and compliance frameworks (PCI DSS, NIST 800-53, GLBA, etc.)
- Knowledge with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), National Institute of Standards and Technology (NIST) Special Publications, and PTES (Penetration Testing Execution Standard)
Please consider joining our DYNAMIC, friendly team! It takes only a few minutes to check-out this great opportunity and apply!
We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
To learn more about Popular, visit our website at www.popularbank.com.
Connect with us!
We reaffirm our commitment to offer essential financial services and solutions for our customers at all times, including during emergency situations and/or natural disasters. Popular’s employees are considered essential workers, whose role is critical in the continuity of these important services even under such circumstances. By applying to this position, you acknowledge that Popular may require your services during and immediately after any such events.