Lead Consultant - Cybersecurity Remediation Engineer

Job Title: Lead Consultant - Cybersecurity Remediation Engineer

Location: Guadalajara, Jalisco

Work Scheme: Hybrid

Introduction to the Role

We are seeking a detail-oriented and analytical Risk Remediation Engineer to join our growing team. In this critical role, you will analyze findings from penetration tests and other security assessments, conduct thorough root cause analyses, and drive the remediation process. Collaborating closely with subject matter experts (SMEs) across various technology teams, you will identify and implement effective steps to address technical risks. Furthermore, you will contribute to the ongoing enhancement of our risk management program by tracking metrics, key performance indicators (KPIs), and reporting on remediation progress.

Accountabilities

• Findings Analysis & Root Cause Analysis: Review penetration test findings, dissect vulnerabilities, and conduct root cause analyses to comprehend underlying issues. Identify the most effective remediation steps for each vulnerability.

• Collaboration with SMEs: Partner with SMEs from IT teams (e.g., network, development, infrastructure, applications, cloud, SaaS, security) to develop and implement remediation solutions addressing identified risks.

• Remediation Solutioning & Deployment: Architect, design, and deploy risk remediation solutions based on analysis, ensuring alignment with organizational security requirements and best practices.

• Risk Mitigation & Trade-off Analysis: Assess and evaluate alternative solutions, considering trade-offs related to risk, cost, implementation time, and business impact.

• Continuous Program Improvement: Aid in evolving the risk remediation program by tracking key metrics and KPIs. Document and report on remediation efforts to ensure program improvement.

• Compliance & Reporting: Ensure remediation activities comply with industry standards, regulations, and best practices (e.g., NIST, ISO). Produce detailed stakeholder reports on remediation progress and outcomes.

• Stakeholder Communication: Communicate risk findings, remediation strategies, and status updates effectively to technical and non-technical stakeholders across the organization.

Essential Skills/Experience

• Technical depth to understand findings, identify root causes, and design remediations.

• Proven experience in risk analysis, vulnerability management, and/or IT security.

• Strong experience in penetration test result analysis and root cause identification.

• Familiarity with common penetration testing tools and techniques.

• Ability to work cross-functionally with IT teams to design and implement remediation solutions.

• Strong problem-solving skills with the ability to develop actionable remediation strategies.

• Experience in risk assessment, mitigation, and management, with knowledge of risk management frameworks and best practices.

• Proficiency in documenting metrics, KPIs, and remediation progress for continuous program improvement.

• Knowledge of security standards and frameworks (e.g., NIST, ISO, SOC 2).

• Strong communication skills, both written and verbal, to explain technical issues to non-technical stakeholders.

Desirable Skills/Experience

• Experience with attack chains and ability to quantify risk based on other security controls.

• Experience with security tools and technologies.

• Familiarity with cloud environments and security practices (AWS, Azure, GCP).

• Experience in automation and scripting.

• Expertise in data analytics or reporting tools (e.g., Power BI, Tableau, Excel).

When we put unexpected teams in the same room, we spark ambitious thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and high-reaching world.

Play your part in supplying to a business truly dedicated to its purpose and patients. United by a shared connection and commitment, we can see how everything we do adds up to a bigger impact on patients and society. Working for an enterprise at the forefront of science brings a huge sense of pride in our potential to transform lives.