Senior Security Operations (SecOps) Engineer - Bitso

Working At Bitso

We are a diverse team that takes pride in understanding the perspectives of others. We fully embrace working remotely and we are eager to act, improve and accelerate progress inside and outside of our organization.

To drive revolutionary changes in society and make crypto useful, we delight our customers with world-class products, deep care, and intentional empathy.

Your Purpose

The Senior Security Engineer is a versatile member of the Security Operations team who brings deep expertise in vulnerability management while actively contributing across the full scope of security operations. You will own the vulnerability management function, but your involvement doesn’t stop there. You are expected to operate as a well-rounded security professional who supports the team across multiple disciplines, including:

• Vulnerability Management
• Cyber Incident Management
• Threat Intelligence and Threat Hunting
• Security Assessments and Tool Evaluations
• Regulatory Compliance and Audit Support

This is a hands-on, execution-focused role within the Security Operations team. The ideal candidate owns the vulnerability management function with discipline and rigor, while consistently contributing to incident response, threat analysis, compliance support, and other operational priorities as they arise. This role requires a senior security professional who operates with a generalist mindset, brings expertise in vulnerability management, and is capable of mentoring junior team members and driving strategic improvements to the security program.

Reports To

Security Operations Lead

Who You Are

• Experience: 5+ years of technical experience in security operations, with strong hands-on experience in vulnerability management. You’ve worked in a SOC, CSIRT, or similar operational security environment where you wore multiple hats and operated with a high degree of autonomy.
• Ops Mindset: You possess a strong sense of urgency and ownership. You don’t wait to be told what to do, you see gaps and fill them. You are willing to participate in a scheduled on-call rotation to effectively address and mitigate critical security incidents outside of business hours.

Technical Proficiency:

1. Hands-on experience with enterprise vulnerability scanning platforms (Qualys, Tenable, Rapid7, or equivalent).
2. Strong understanding of risk-based vulnerability prioritization beyond CVSS factoring in exploit availability, threat intelligence, asset exposure, and business context.
3. Experience investigating security alerts using EDRs and SIEM platforms.
4. Familiarity with endpoint security policies, secure email gateways, and DLP concepts.
5. Ability to produce clear, data-driven reporting for technical and executive audiences.
6. Experience working with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible, including the ability to review and secure infrastructure configurations.

• Cloud Native: Experience working within cloud environments, preferably AWS, with an understanding of cloud-native vulnerability considerations including containers and serverless.
• Automation & Scripting: Experience with Python, Bash, or similar scripting languages to automate workflows, reporting, and integration with ticketing systems. Experience leveraging AI/ML tools to improve operational efficiency is a plus.
• Regulatory & Compliance: Experience supporting regulatory compliance audits and working within frameworks relevant to the Mexican financial regulatory landscape (CNBV, Ley Fintech). Ability to interface with auditors, prepare evidence, and ensure security controls meet local compliance requirements.
• Adaptability: You are comfortable operating outside your primary domain. When the team needs support on an incident, a compliance audit, a threat intel deep-dive, or a security assessment, you lean in without hesitation.
• Bilingual Communication: Required full professional fluency in English and Spanish. You must be able to translate technical findings into actionable guidance for engineering teams, auditors, and non-technical business partners.
• Certifications: Defensive security certifications (GCIH, GEVA) are a plus. Offensive security certifications (OSCP, GPEN, GXPN) are a strong plus.

What You Will Do

• Own and operate the end-to-end vulnerability management lifecycle: discovery, scanning, prioritization, remediation tracking, and verification.
• Prioritize vulnerabilities using a risk-based approach that accounts for exploitability, threat intelligence, asset criticality, and business impact.
• Produce recurring vulnerability posture reports and trend analysis for stakeholders.
• Serve as a technical investigator for complex security alerts and support the investigation, containment, and remediation of security incidents.
• Participate in the on-call rotation to ensure coverage for critical alerts.
• Consume threat intelligence feeds and proactively hunt for Indicators of Compromise (IOCs) in our environment.
• Develop and integrate detection use cases for business applications, ensuring we are logging the right data, not just more data.
• Support regulatory compliance audits, including preparation of evidence and documentation aligned with Mexican financial regulatory requirements.
• Mentor and support junior team members, contributing to knowledge sharing and the overall growth of the security team.

Research in Diversity, Equity, and Inclusion suggests that individuals may hesitate to apply for jobs if they do not meet all the listed criteria. At Bitso, we value diversity and your unique strengths could be just what we're looking for. If this role excites you but you don't match every point in the description, we still want to hear from you.

#LI-Remote

Who We Are

With over 9 million users, Bitso is the leading cryptocurrency platform in Latin America. We are developing the cryptocurrency ecosystem in the region and enabling financial inclusion. We believe crypto is the future of finance, and we’re committed to making it useful by providing equal access to safe and intuitive financial products.

When we hire people for our team, we specifically test for the following traits in addition to our cultural values:

• Mission-Driven: We seek individuals who are passionate about crypto and Bitso’s mission and resilient in facing industry challenges
• High Sense of Urgency: We prioritize candidates who demonstrate a high sense of urgency and responsibility.
• Exceptional Hard Skills: We seek individuals who possess exceptional skills in their respective fields, with no room for mediocrity.
• Self-Management: We look for individuals who can independently manage their work, career, and professional development.

Compensation & Benefits

At Bitso, you are taking the front seat on the edge of crypto innovation, creating the next generation of crypto-powered products.

So for those willing to commit, adapt and pioneer the most important change of the century we offer:

• Me Time program, including unlimited paid time off.
• Remote-first work environment.
• Employee Stock Option program.
• Zero trading fees through our Bitso Alpha app.
• Extended Family LeavePolicy: all birthing parents, non-birthing parents and adopting parents are eligible for a 4-months leave.
• Premium health, dental and life insurances in Mexico, Gibraltar, Colombia, USA, Brazil and Argentina.

Want to leave an undoubtedly legacy with us? Fasten your seatbelt and join this spaceship, where you will find exponential growth and the opportunity to thrive!

• These are the applicable requisites, although equivalent competencies in any of the above will also be considered.
• To see our Privacy Policy please click here.