Senior Security Specialist
Costa Rica
DeepSeas
Nearly 1,000 organizations trust DeepSeas to transform their cybersecurity program with 24x7 detection and response, pen testing, and vCISO services.Department: Professional Services
Employment Type: Full Time
Location: Costa Rica
Description
Company BackgroundWith 30 years of experience in cyber defense, DeepSeas is trusted by nearly 1,000 clients around the world, including Fortune 100 enterprises and mid-market organizations, higher education institutions, municipality and local governments, and federal agencies. Known for its programmatic approach to continuously transforming cyber defense programs, DeepSeas is recognized by Gartner as a top 40 provider of MDR and ranked as a top 5 MDR leader in the 2024 Frost Radar™: Global Managed Detection and Response (MDR) Market. In addition to its industry-leading MDR service, DeepSeas offers a full suite of advisory, compliance, and testing services to support clients on their cybersecurity transformation journeys, with an approach to cyber defense that prioritizes technical expertise, tradecraft, and continuous innovation to deliver unparalleled results.
Position Overview
The Senior Security Specialist is an experienced cybersecurity professional who has expert knowledge of information security concepts and functions. The individual has the capability to lead and implement a cybersecurtity program and understands key business processes including risk management and compliances. The Senior Security Specialist leads the delivery of client solutions and acts as a trusted advisor to help solve business-critical problems. This position is a critical member of a cybersecurity-focused business solution team, composed of capable and high-caliber cybersecurity professionals. The ideal candidate thrives, excels and easily adapts in a fast-paced work environment.
Key Responsibilities
• Perform Service Delivery:o Lead controls based gap assessments for frameworks such as NIST 800-53, NIST 800-171, NIST CSF, CIS, and HIPAA.
o Lead risk workshops to score probability and impact of various risks to client’s organization.
o Present risks and risk mitigation strategies to Executive and Senior leadership.
o Supports senior team members as they advise and support Clients in a wide range of compliance and security domains, including risk assessment, governance, data classification, policies, controls and procedures, vendor management, awareness, incident response, penetration testing and vulnerability assessment.
o Produce detailed findings and recommendations, and deliver those findings to senior management, board members and key stakeholders.
o Plan, Participate in, and lead security and compliance program development activities based on industry recognized standards (e.g. NIST 800-53, NIST 800-171, NIST CSF, CIS, HIPAA, PCI, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 22301).
o Participate in and lead Client conversations and interviews in a professional and meaningful way.
o Participate in risk management activities to support creation and adoption of a risk management strategy.
o Have a general knowledge of technical projects and their contributions to the cybersecurity lifecycle.
• Lead and contribute to:
o Process improvement.
o Product maintenance, development and management.
o Industry updates and knowledge share.
• Support department Managers as needed administratively and operationally, and serve as a PACE (Proactive, Alignment, Expected Results, Communication) role model for department and company-at-large.
• Training & Professional Development:
o Achieve industry certifications as needed to align with department and business objectives.
o Maintain proficiency and meet standards in:
Security services, industry trends, tactics, techniques, and processes.
Security tools, where applicable.
Internal business applications.
o Actively participate in our self-directed learning environment by:
Demonstrating growth in skill and knowledge development.
Identifying and prioritizing critical task training and professional growth initiatives.
o Partner with Professional Development and Department Managers to develop and deliver internal trainings.
o Participate in and complete required trainings, including 90-day onboarding, product and industry trainings and role certifications, assessments and testing.
Skills Knowledge and Expertise
• Bachelor’s Degree in Information Security or equivalent professional experience in cybersecurity industry.• 5+ years of experience in the cybersecurity industry working with business customers.
• Expert level in leading and supporting cybersecurity services, including but not limited to risk assessment, data classification, policy/standards procedure development, awareness, vendor risk management, incident response, vulnerability management and penetration testing.
• Ability leading delivery of cybersecurity services, including but not limited to:
o Risk assessment
o Data classification
o Policy/standards procedure development
o Awareness
o Vendor risk management
o Incident response
• Proven ability to support and/or lead services to meet industry accepted standards and compliance frameworks such as HIPAA, NIST, ISO, etc.
• Ability to clearly communicate and present to senior and board-level professionals.
• Ability to perform:
o Professional and engaging presentation skills.
o Critical thinking and problem-solving logic.
• Proficient with Microsoft programs and collaboration tools (e.g., Zoom, WebEx, Teams).
• CompTIA Security +, CEH, CISM, or other security-related certification.
Why DeepSeas?
At DeepSeas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren’t DeepSeas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are:· We are client obsessed.
· We stand in solidarity with our teammates.
· We prioritize personal health and well-being.
· We believe in the power of diversity.
· We solve hard problems at the speed of cyber.
This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let’s talk!
Information security is everyone’s responsibility:
• Understanding and following DeepSeas’s information security policies and procedures.
• Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas’s information security.
• Actively participating in DeepSeas’s efforts to maintain and improve information
• security.
• DeepSeas considers this position is as Moderate Risk with a potential to
• view/access/download restricted/private client/internal data. This information must be treated with
• sensitivity and in the most secure manner. HR reserves the right to perform random background/drug
• screens to ensure the safety of client/DeepSeas data
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CEH CISM Compliance CompTIA Cyber defense Governance HIPAA Incident response ISO 22301 ISO 27001 NIST NIST 800-53 Pentesting Risk assessment Risk management Strategy Vendor management Vulnerability management
Perks/benefits: Career development Startup environment
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.