Senior Security Specialist

Senior Security Specialist

Department: Professional Services

Employment Type: Full Time

Location: Costa Rica

Description

Company Background

With 30 years of experience in cyber defense, DeepSeas is trusted by nearly 1,000 clients around the world, including Fortune 100 enterprises and mid-market organizations, higher education institutions, municipality and local governments, and federal agencies. Known for its programmatic approach to continuously transforming cyber defense programs, DeepSeas is recognized by Gartner as a top 40 provider of MDR and ranked as a top 5 MDR leader in the 2024 Frost Radar™: Global Managed Detection and Response (MDR) Market. In addition to its industry-leading MDR service, DeepSeas offers a full suite of advisory, compliance, and testing services to support clients on their cybersecurity transformation journeys, with an approach to cyber defense that prioritizes technical expertise, tradecraft, and continuous innovation to deliver unparalleled results.


Position Overview
The Senior Security Specialist is an experienced cybersecurity professional who has expert knowledge of information security concepts and functions. The individual has the capability to lead and implement a cybersecurity program and understands key business processes including risk management and compliances. The ideal candidate thrives, excels and easily adapts in a fast-paced work environment.

Key Responsibilities

Perform Service Delivery:

• Lead controls-based gap assessments for frameworks such as NIST 800-53, NIST 800-171, NIST CSF, CIS, and HIPAA.
• Lead risk workshops to score probability and impact of various risks to client’s organization.
•  Present risks and risk mitigation strategies to Executive and Senior leadership.
•  Produce detailed findings and recommendations, and deliver those findings to senior management, board members and key stakeholders.
•  Plan, participate in, and lead security and compliance program development activities based on industry recognized standards (e.g. NIST 800-53, NIST 800-171, NIST CSF, CIS, HIPAA, PCI, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 22301).
•  Participate in and lead Client conversations and interviews in a professional and meaningful way.
•  Have a general knowledge of technical projects and their contributions to the cybersecurity lifecycle.

Lead and contribute to:

• Process improvement.
•  Product maintenance, development and management.
•  Industry updates and knowledge share.
• Maintain proficiency and meet standards in:  
• Security services, industry trends, tactics, techniques, and processes.  
• Security tools, where applicable.  
• Internal business applications.  
• Partner with Professional Development and Department Managers to develop and deliver internal trainings. 
• Participate in and complete required trainings, including 90-day onboarding, product and industry trainings and role certifications, assessments and testing. 

Skills Knowledge and Expertise

• Bachelor’s Degree in Information Security or equivalent professional experience in cybersecurity industry.
• 5+ years of experience in the cybersecurity industry working with business customers.
• Expert level in leading and supporting cybersecurity services, including but not limited to risk assessment, data classification, policy/standards procedure development, awareness, vendor risk management, incident response, vulnerability management and penetration testing.
• Proven ability to support and/or lead services to meet industry accepted standards and compliance frameworks such as HIPAA, NIST, ISO, etc.
• Ability to clearly communicate and present to senior and board-level professionals. 
• Ability to perform:  
• Professional and engaging presentation skills.  
• Critical thinking and problem-solving logic.  
• Proficient with Microsoft programs and collaboration tools (e.g., Zoom, WebEx, Teams).

CompTIA Security +, CEH, CISM, or other security-related certification.  

Why DeepSeas?

At DeepSeas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren’t DeepSeas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are:·        We are client obsessed. ·        We stand in solidarity with our teammates.·        We prioritize personal health and well-being.·        We believe in the power of diversity.·        We solve hard problems at the speed of cyber. 
This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let’s talk!
Information security is everyone’s responsibility:

·        Understanding and following DeepSeas information security policies and procedures.·        Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas information security.·        Actively participating in DeepSeas efforts to maintain and improve information security.·       DeepSeas considers this position is as Moderate Risk with a potential to view/access/download restricted/private client/internal data. This information must be treated with sensitivity and in the most secure manner. HR reserves the right to perform random background/drug screens to ensure the safety of client/DeepSeas data.