San Juan, PR
Manager I - Vulnerability Assessment
Manager – Vulnerability Assessment Management
General Description
The Manager I – Vulnerability Assessment is a key leadership role within the Threat Intelligence and Analytics program. Popular’s Threat Intelligence and Analytics team reduces cyber risk by uncovering vulnerabilities and weaknesses across the enterprise technology ecosystem—including internally managed systems and third‑party environments—through full‑scope adversary simulation, vulnerability analysis, and development of mitigation strategies.
The Manager I leads a team of offensive security professionals responsible for planning, coordinating, and overseeing sophisticated vulnerability assessment and adversary emulation initiatives. This role partners closely with information security, IT, cloud, and business stakeholders to ensure the timely identification, reporting, and remediation of security risks while maturing operational effectiveness, collaboration, and team capabilities.
Essential Duties and Responsibilities
- Lead, supervise, and mentor a team of offensive security analysts conducting full‑scope adversary emulation operations against Popular and/or third‑party service providers.
- Define strategy, priorities, and roadmap for vulnerability assessment operations, aligning with enterprise cyber risk objectives.
- Oversee the research, development, and application of offensive procedures used to simulate common and emerging threat actor techniques.
- Ensure high-quality reporting, including identification of vulnerabilities, recommended remediation actions, and executive‑level summaries.
- Collaborate with cyber defense, remediation teams, and IT partners to facilitate effective vulnerability mitigation and ensure risk reduction.
- Manage the development, maintenance, and continuous improvement of offensive security infrastructure and toolsets.
- Apply relevant threat intelligence to operational planning to simulate realistic threat actors.
- Oversee periodic vulnerability scans of networks and platforms, ensuring assessments are completed on schedule and in alignment with corporate policies and industry best practices.
- Coordinate with vendors and third parties supporting penetration testing, cloud security assessments, or red/purple team engagements.
- Support governance and audit requirements, ensuring documentation, processes, and evidence meet compliance expectations.
Knowledge and Skills
- Advanced expertise in application penetration testing methodologies (web, API, mobile, thick client) using commercial and custom toolsets.
- Strong knowledge of multiple programming or scripting languages (e.g., Python, PowerShell, JavaScript, Bash).
- Excellent communication skills with the ability to present complex technical findings to both technical and non‑technical audiences, including executives.
- Strong understanding of security principles, policies, and industry best practices.
- Working knowledge of security and compliance frameworks such as PCI DSS, NIST 800‑53, GLBA, and cloud security standards.
- Familiarity with OSSTMM, OWASP, SAMM, NIST SP publications, and PTES.
- Strong analytical and strategic thinking skills, including threat modeling and vulnerability analysis using frameworks such as CAPEC, MITRE ATT&CK, and STRIDE.
- Demonstrated leadership, team development, and stakeholder management capabilities.
Education and Experience
- Bachelor’s degree in Computer Science, Information Assurance, MIS, or related field; or equivalent work experience.
- Seven or more years of experience in application security, offensive security, software development, or related fields.
- Five or more years of experience conducting application and infrastructure security testing in complex environments.
- Three or more years managing people, vendors, or cross‑functional security programs.
- Hands-on experience developing or modifying offensive security tools and scripts.
- Experience performing and managing penetration testing for mobile platforms (iOS and Android) and network/host-based environments.
- Experience conducting cloud penetration testing in hyperscale environments (AWS, Azure, GCP, Salesforce).
- Experience leading or participating in red/purple team operations.
Preferred Certifications and Licenses
Base Certifications (One required):
OSCP, OSCE, GPEN, GXPN, CRTO (or equivalent offensive security certifications)
Specialization Certifications (Preferred):
CISSP, CISM, or equivalent senior-level cybersecurity certifications
Important: The candidate must provide evidence of academic preparation or courses related to the job posting, if necessary.
Our hybrid work model benefit applies to certain positions and is subject to change based on organizational needs.
Applicants must be authorized to work for any employer in the United States. This position is not open to applicants who need visa sponsorship or transfer of visa sponsorship at this time.
ABOUT US
Popular is Puerto Rico’s leading financial institution and has been evolving since it was founded over a century ago. From a small bank it has developed into a large corporation that offers a wide variety of services and financial solutions to our customers, with a presence in the United States, the Caribbean and Latin America.
As employees, we are dedicated to making our customers’ dreams come true by offering financial solutions in each stage of their life. Our extensive trajectory demonstrates the resiliency and determination of our employees to innovate, reach for the right solutions and strongly support the communities we serve; therefore, we value their diverse skills, experiences and backgrounds.
We reaffirm our commitment to always offer essential financial services and solutions for our customers and communities, including during emergency situations and/or natural disasters. Popular’s employees are considered essential workers, whose role is critical in the continuity of these important services even under such circumstances. By applying to this position, you acknowledge that Popular may require your services during and immediately after any such events.
If you have a disability or need more information about requesting an accommodation, please contact us at asesorialaboral@popular.com. This email inbox is monitored for such types of requests only. All information you provide will be kept confidential and will be used only to the extent required to provide needed exemptions or reasonable accommodations. Any other correspondence will not receive a response.
Are you ready for a rewarding career?
Popular is an Equal Opportunity Employer, including Disability/Vets
Learn more about us at www.popular.com and keep updated with our latest job postings at www.jobs.popular.com.