Security Operations Analyst - Latin America

The Company
Capital Markets Gateway LLC (CMG) is a financial technology firm, uniquely focused on the equity capital markets (ECM), connecting investors and underwriters via a neutral platform. CMG delivers integrated ECM data and analytics, unrivalled transparency into deal flow, and workflow efficiencies for an otherwise fragmented and inefficient process. Providing a digital system of record for firm-wide deal activity, CMG helps clients make more timely, better-informed decisions. Launched in 2017 by a team of ECM practitioners, CMG has completed two successful fundraising rounds and is backed by a group of the world’s most prestigious financial institutions. The CMG platform is currently relied upon by nearly 150 buy-side firms representing $40 trillion in AUM and 20 global investment banks. For more information, please visit www.cmgx.io.
The Role 
As a Security Operations Analyst at CMG, you will play a pivotal role in protecting our technology stack, data, and users. You will work closely with Security, IT, and Engineering teams to ensure the security, resilience, and compliance of our cloud-first, distributed environment. This is a remote position with an expectation of high autonomy, initiative, and the ability to drive improvements across security operations and IT security.  
Our Engineering Team 
The CMG engineering team consists of domain experts who work collaboratively within a culture of cross-domain knowledge sharing. We value engineers who are passionate about modern technologies and best practices.Our engineers are willing to challenge the status quo and are constantly seeking improvement and efficiency in our code-base and platform. CMG engineers are empowered to explore solutions and bring recommendations to the table. We are in a period of making impactful engineering decisions. As part of our process, we believe in taking the time for research and prototyping - this is critical in making the right decisions.Given the experience of our team, we have naturally adopted best practices from local development, through code review and into production rollouts. Besides the standard pull requests, test automation, code coverage tracking, containerization, and one-click deployments we are constantly reviewing these foundational components to develop new best practices

Security Operations & Incident Response

• Monitor, triage, and respond to security alerts and incidents across endpoints, cloud, and SaaS environments. 
• Conduct root cause analysis, document incidents, and assist with post-incident reviews. 
• Develop and maintain incident response playbooks; participate in tabletop exercises.

Endpoint & IT Security

• Administer and enhance endpoint security for macOS and Windows, supporting company-owned devices. 
• Develop and manage endpoint hardening baselines, configurations, and compliance reporting. 
• Support automation and scripting efforts (e.g., PowerShell, Bash, Python) to improve monitoring and response. 

Cloud & SaaS Security

• Support security and compliance controls in Azure AD, Office 365, and key SaaS platforms. 
• Implement and monitor access controls, DLP policies, and secure configurations for cloud and SaaS solutions. 
• Collaborate with IT and Engineering on secure deployment and integration of new applications. 

Risk Management & Security Governance

• Participate in third-party and vendor risk reviews; contribute to risk assessments and audits. 
• Support the development and maintenance of security policies, procedures, and runbooks. 
• Track vulnerabilities (OWASP, CVSS), prioritize remediation with risk-based approaches, and maintain an up-to-date inventory of assets. 

Collaboration & Communication

• Engage proactively with peers and stakeholders across security, engineering, and business teams. 
• Deliver clear, actionable communication on risks, incidents, and security posture—tailored to both technical and non-technical audiences. 

Required Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, or related field—or equivalent work experience. 
• 3+ years in security operations, IT security, or similar roles (fintech/regulated industry experience preferred). 
• Strong proficiency in macOS and Windows 11 operating systems. 
• Hands-on experience with MDM/endpoint management tools (e.g., Intune) 
• Working knowledge of BYOD security, scripting/automation, and cloud (Azure, O365) administration. 
• Familiarity with SaaS security, DLP, CASB, and vulnerability management tools. 
• Understanding of security frameworks (NIST CSF, ISO 27001) and regulatory requirements. 
• Strong analytical, investigative, and problem-solving skills. 
• Excellent written and verbal communication; ability to work independently and collaboratively. 

Preferred Qualifications

• Experience with scripting (PowerShell, Bash, Python). 
• Experience with SIEM (Microsoft Sentinel) 
• Certifications: CompTIA Security+, Microsoft Certified: Security Operations Analyst Associate, or similar. 
• Exposure to security governance, risk management, and vendor risk processes. 
• Knowledge of security operations in a distributed, remote-first environment. 

Our Tech Stack

• Latest .NET version for our backend services
• Entity Framework for our ORM
• MassTransit and RabbitMQ for messaging
• xUnit.net + Moq + FluentAssertions for testing
• Hangfire for our background processing
• Federated GraphQL .NET server running in Hot Chocolate
• Docker + Kubernetes for microservice orchestration
• PostgreSQL for relational db
• Redis Cache for distributed caching and real-time messaging
• Istio for our cluster service mesh
• Swashbuckle for swagger generation
• Microsoft Azure services for hosting and operations, soon to be cross-cloud
• DataDog, Grafana and OpenTelemetry
• GitHub for our Version Control
• React with TypeScript on our front-end
• React Native for Mobile App Development

Our Values

• We innovate with purpose
• We focus on outcomes vs. output
• We believe diverse and inclusive teams fuel innovation
• We are humble yet candid
• We do right by the customer

What We Offer

• 2 year+ contract
• 15 business days of vacation
• Tech courses and conferences
• Top-of-the-line MacBook
• Fully remote working environment
• Flexible working hours

At CMG, we accept nothing less than equity, inclusion and belonging for all. We are deeply committed to listening, learning and constantly improving for the betterment of our teams, clients and communities. CMG is proud to be an Equal Opportunity Employer.