San Juan, PR
Vulnerability Assessment Specialist
Cyber Operations
Specialist – Vulnerability Assessment Management
General Description
The Cybersecurity Vulnerability Specialist is a hands-on technical role within the Threat Intelligence and Analytics program. The specialist supports the organization’s capability to reduce cyber risk by identifying, validating, and analyzing vulnerabilities across Popular’s enterprise technology ecosystem — including internally managed systems, cloud environments, and third-party platforms.
The specialist performs vulnerability assessments, assists with adversary simulation activities, conducts research on emerging threats, contributes to remediation planning, and supports the improvement of vulnerability management processes, tooling, and reporting. This role works closely with information security, IT operations, cloud teams, and business stakeholders to ensure accurate identification of security weaknesses and timely mitigation of risk.
Essential Duties and Responsibilities
Vulnerability Assessment & Analysis
- Execute vulnerability assessments across networks, applications, cloud services, APIs, and platforms using approved tools and methodologies.
- Perform detailed validation and analysis of identified vulnerabilities to confirm exploitability, impact, and relevance to Popular’s environment.
- Utilize threat modeling frameworks (e.g., STRIDE, ATT&CK, CAPEC) to analyze potential attack paths and identify high-risk exposures.
Adversary Simulation Support
- Assist in red/purple team exercises by developing or modifying offensive testing scripts, payloads, or tools as needed.
- Help simulate attacker behaviors based on current threat intelligence, emerging techniques, and known threat actor TTPs.
Tooling & Research
- Maintain and operate offensive security tools, scanners, and testing environments to ensure accurate and efficient assessments.
- Conduct continuous research on new vulnerabilities, exploitation trends, and industry security developments to strengthen assessment capabilities.
Reporting & Documentation
- Produce clear, detailed technical reports that describe vulnerabilities, exploitation evidence, risk ratings, and recommended remediation steps.
- Prepare summaries and risk narratives tailored to technical teams and non-technical stakeholders.
Cross Team Collaboration
- Work closely with cyber defense, IT, cloud, and application teams to communicate findings and assist in defining effective mitigation strategies.
- Support periodic vulnerability scanning cycles by preparing scoping information, validating results, and escalating critical issues.
Vendor & Third-Party Activity Support
- Assist in coordinating penetration testing activities conducted by external vendors.
- Validate vendor-identified findings and ensure consistent methodology and accuracy.
Governance & Compliance Support
- Ensure vulnerability assessment activities follow corporate policies, procedures, and regulatory frameworks (e.g., NIST 800-53, PCI DSS, GLBA).
- Provide evidence and documentation for audit requests and compliance reviews.
Knowledge and Skills
- Hands-on experience with application, network, mobile, and API penetration testing techniques.
- Proficiency with offensive security tools (e.g., Burp Suite, Nmap, Nessus, custom scripts, OSINT tools).
- Knowledge of scripting languages such as Python, PowerShell, Bash, or JavaScript.
- Strong understanding of security principles, common vulnerabilities, and exploitation techniques.
- Familiarity with OSSTMM, OWASP, SAMM, NIST SP 800-53, PTES, and related testing frameworks.
- Ability to communicate technical security issues clearly to technical and non-technical audiences.
- Strong analytical mindset and the ability to evaluate vulnerability severity, identify false positives, and understand systemic risks.
Education and Experience
- Bachelor’s degree in Computer Science, Information Assurance, MIS, or related field; or equivalent work experience.
- Seven or more years of experience in application security, offensive security, software development, or related fields.
- Bachelor’s degree in Computer Science, Information Security, MIS, or equivalent experience.
- 3–5 years of experience in vulnerability assessment, offensive security, or related cybersecurity roles.
- Experience conducting application or infrastructure security testing in complex enterprise environments.
- Experience performing cloud-focused testing (AWS, Azure, GCP, or SaaS platforms) is preferred.
- Experience developing or modifying offensive tools or scripts is a plus.
Preferred Certifications and Licenses
Base Certifications (One required):
OSCP, GPEN, GWAPT, eJPT, CRTO, or equivalent entry/intermediate offensive certifications
Advanced Certifications (nice-to-have):
OSCE, GXPN, CISSP, CISM, or similar senior-level certifications
Important: The candidate must provide evidence of academic preparation or courses related to the job posting, if necessary.
Our hybrid work model benefit applies to certain positions and is subject to change based on organizational needs.
Applicants must be authorized to work for any employer in the United States. This position is not open to applicants who need visa sponsorship or transfer of visa sponsorship at this time.
ABOUT US
Popular is Puerto Rico’s leading financial institution and has been evolving since it was founded over a century ago. From a small bank it has developed into a large corporation that offers a wide variety of services and financial solutions to our customers, with presence in the United States, the Caribbean and Latin America.
As employees, we are dedicated to making our customers’ dreams come true by offering financial solutions in each stage of their life. Our extensive trajectory demonstrates the resiliency and determination of our employees to innovate, reach for the right solutions and strongly support the communities we serve; therefore, we value their diverse skills, experiences and backgrounds.
We reaffirm our commitment to always offer essential financial services and solutions for our customers and communities, including during emergency situations and/or natural disasters. Popular’s employees are considered essential workers, whose role is critical in the continuity of these important services even under such circumstances. By applying to this position, you acknowledge that Popular may require your services during and immediately after any such events.
If you have a disability or need more information about requesting an accommodation, please contact us at asesorialaboral@popular.com. This email inbox is monitored for such types of requests only. All information you provide will be kept confidential and will be used only to the extent required to provide needed exemptions or reasonable accommodations. Any other correspondence will not receive a response.
Are you ready for a rewarding career?
Popular is an Equal Opportunity Employer, including Disability/Vets
Learn more about us at www.popular.com and keep updated with our latest job postings at www.jobs.popular.com.