Apply now »
Date:  Jun 29, 2026
Location: 

San Juan, PR

Company:  Popular
Workplace Type:  Hybrid

Cybersecurity Vulnerability Analyst

General Description

 

The Cybersecurity Vulnerability Analyst is a hands on technical role within Cyber Operations program. The Analyst supports the organization’s capability to reduce cyber risk by identifying, validating, and analyzing vulnerabilities across Popular’s enterprise technology ecosystem — including internally managed systems, cloud environments, and third party platforms.


The analyst performs vulnerability assessments, reviews the daily scan schedules and develops and maintains the solutions to recommend adjustments and create new schedules. Reviews the results of scans and assists the specialists and engineers with metrics and prioritization processes This role contributes to remediation planning, and supports the improvement of vulnerability management processes, tooling, and reporting. This role works closely with information security, IT operations, cloud teams, and business stakeholders to ensure accurate identification of security weaknesses and timely mitigation of risk.

 


Essential Duties and Responsibilities

 

Vulnerability Assessment & Analysis

  • Execute vulnerability assessments across networks, applications, cloud services, APIs, and platforms using approved tools and methodologies.
  • Perform validation and analysis of identified vulnerabilities to confirm exploitability, impact, and relevance to Popular’s environment.
  • Works with 3rd parties and stakeholders to educate and support the program
  • Ensure that tickets are open and works with the business units to document and exceptions or deviations to the vulnerability program

 

Tooling & Research

  • Maintain and operate offensive security tools, scanners, and testing environments to ensure accurate and efficient assessments.
  • Conduct continuous research on new vulnerabilities, exploitation trends, and industry security developments to strengthen assessment capabilities.

 

Reporting & Documentation

  • Produce clear, detailed technical reports that describe vulnerabilities, exploitation evidence, risk ratings, and recommended remediation steps.
  • Prepare summaries and risk narratives tailored to technical teams and non technical stakeholders.

Cross Team Collaboration

  • Work closely with cyber defense, IT, cloud, and application teams to communicate findings and assist in defining effective mitigation strategies.
  • Support periodic vulnerability scanning cycles by preparing scoping information, validating results, and escalating critical issues.

 


Vendor & Third Party Activity Support

  • Assist in coordinating penetration testing activities conducted by external vendors.
  • Validate vendor identified findings and ensure consistent methodology and accuracy.

 

Governance & Compliance Support

  • Ensure vulnerability assessment activities follow corporate policies, procedures, and regulatory frameworks (e.g., NIST 800 53, PCI DSS, GLBA).
  • Provide evidence and documentation for audit requests and compliance reviews.

 


Knowledge and Skills

 

  • Some experience with applications, network, mobile, and API penetration testing techniques.
  • Knowledge of and working skills in offensive security tools (e.g., Burp Suite, Nmap, Nessus, custom scripts, OSINT tools).
  • Strong understanding of security principles, common vulnerabilities, and exploitation techniques.
  • Familiarity with OSSTMM, OWASP, SAMM, NIST SP 800 53, PTES, and related testing frameworks.
  • Ability to communicate technical security issues clearly to technical and non technical audiences.
  • Strong analytical mindset and able to evaluate vulnerability severity, identify false positives, and understand systemic risks.

 

Education and Experience

 

  • Bachelor’s degree in Computer Science, Information Security, MIS, or equivalent experience or  1–3 years of experience in vulnerability assessment, offensive security, or related cybersecurity roles.
  • Experience conducting application or infrastructure security testing in complex enterprise environments.
  • Experience performing cloud-focused testing (AWS, Azure, GCP, or SaaS platforms) is preferred.
  • Experience developing or modifying offensive tools or scripts is a plus.

 


Preferred Certifications and Licenses

 

Base Certifications (One required):


Security +, Network +, OSCP, GPEN, GWAPT, eJPT, CRTO, or equivalent entry/intermediate offensive certifications

 

 

Important: The candidate must provide evidence of academic preparation or courses related to the job posting, if necessary.

Our hybrid work model benefit applies to certain positions and is subject to changes based on the organizational needs.

Applicants must be authorized to work for any employer in the United States.  This position is not open to applicants who need visa sponsorship or transfer of visa sponsorship at this time.

ABOUT US

Popular is Puerto Rico’s leading financial institution and have been evolving since it was founded over a century ago. From a small bank it has developed into a large corporation that offer a wide variety of services and financial solutions to our customers, with presence in the United States, the Caribbean and Latin America.

As employees, we are dedicated to making our customers dreams come true by offering financial solutions in each stage of their life. Our extensive trajectory demonstrates the resiliency and determination of our employees to innovate, reach for the right solutions and strongly support the communities we serve; therefore, we value their diverse skills, experiences and backgrounds.

We reaffirm our commitment to always offer essential financial services and solutions for our customers and communities, including during emergency situations and/or natural disasters. Popular’s employees are considered essential workers, whose role is critical in the continuity of these important services even under such circumstances. By applying to this position, you acknowledge that Popular may require your services during and immediately after any such events.

If you have a disability or need more information about requesting an accommodation, please contact us at asesorialaboral@popular.com. This email inbox is monitored for such types of requests only. All information you provide will be kept confidential and will be used only to the extent required to provide needed exemptions or reasonable accommodations. Any other correspondence will not receive a response.

 

Are you ready for a rewarding career?

 

Popular is an Equal Opportunity Employer, including Disability/Vets
Learn more about us at www.popular.com and keep updated with our latest job postings at www.jobs.popular.com.
Connect with us!
LinkedIn  |   Facebook   |   Twitter   |   Instagram

 

If you are a California resident, please click here to learn more about your privacy rights.

 


Job Segment: Compliance, Law, Legal

Apply now »