JUNIOR APPLICATION SECURITY SPECIALIST

Description

Job Summary: Coordinate and manage intrusion testing (penetration testing) for applications, platforms, and services, identifying and remediating vulnerabilities to reduce information security risks. Key Highlights: 1. Manage and coordinate penetration testing for applications and platforms. 2. Analyze scanning results and prioritize security risks. 3. Collaborate with teams to strengthen the security posture. **Location:** MEXICO CITY, Ciudad de México, MX **Category:** Digital Business Development **Requisition ID:** 120846 **Junior Application Security Specialist** **(Tlalpan, CDMX)** At Banorte, we seek unique, strong, and extraordinary talent that drives the country’s transformation and innovation, positioning us as a key ally for robust growth alongside Mexico. We firmly believe that the combination of solidarity, innovation, respect, loyalty, and responsibility is the perfect formula to become the best team in the financial sector. **Job Objective:** Manage and coordinate intrusion testing (penetration testing) for applications, platforms, and services of the Financial Group, ensuring identification, analysis, prioritization, remediation, and certification of vulnerabilities, thereby contributing to reduction of information security risks through effective coordination with involved IT teams. Each day you will face **new and interesting challenges** in your role, where you will be responsible for: * Planning, coordinating, and executing penetration tests on web applications, mobile applications, and APIs. * Coordinating activities of external vendors for execution of intrusion testing. * Analyzing scanning results from Platform, SAST, SCA, and DAST tools, interpreting findings and prioritizing risks. * Generating technical and executive reports on identified vulnerabilities. * Tracking vulnerability remediation with development teams. * Defining and maintaining standards and procedures for security testing. * Collaborating with architecture, development, and operations teams to strengthen the security posture. * Certifying vulnerability remediation. * Evaluating consultants following completion of each intrusion testing project. **Requirements:** * Education: Bachelor’s degree or engineering degree in Information Systems, Information Security, or related fields. * Years of experience: 4 years. * Areas of expertise: + Vulnerability Management System + Information Security + Penetration Testing + Security Scanning and Report Interpretation * Required knowledge: + Foundational certifications - eWPT (eLearnSecurity Web Application Penetration Tester) - CEH (Certified Ethical Hacker) + Desired certifications - OSCP (Offensive Security Certified Professional) - GWAPT (GIAC Web Application Penetration Tester) - CISM – Certified Information Security Manager + Knowledge of server operating systems (Windows, Linux, Unix, etc.), workstations, and containerized environments (desirable) + Core cybersecurity concepts (vulnerabilities, malware, exploits, etc.) + Proficiency with tools such as Nessus Professional, Tenable Security Center, Kali Linux Suite, Metasploit, and Wireshark + Experience with ticketing tools + Dashboard and/or operational reporting generation + Agile methodologies * Languages: English (preferred, but not mandatory) * Willingness to travel: NA * Willingness to relocate: NA At Banorte, we operate under a principle of equal opportunity. Therefore, we do not discriminate based on age, ethnic origin, nationality, gender, sexual orientation, marital status, social condition, health status, religious beliefs, political doctrine, or disability.