Security Analyst – Risk, Applications & Infrastructure

Experian Employer Services, Verifications, and Housing (EVH) is seeking a motivated professional to join its product information security team as a Security Analyst focused on managing risks and vulnerabilities for both applications and infrastructure within a cloud-first environment. The Security Analyst will play a critical role in safeguarding the integrity, resilience, and compliance of Experian’s IT systems, ensuring alignment with regulatory and security frameworks.

This role will integrate security practices across product, infrastructure and application layers, assessing vulnerabilities and implementing best practices to mitigate risks. Additionally, this position will support security audits and compliance efforts by evaluating systems against established control frameworks, identifying deficiencies, and driving remediation efforts.

You will collaborate closely with our partner teams as well as product, applications, and platform teams to implement security controls, audit compliance, and enhance security governance. The ideal candidate has experience in security controls, IT audits, risk management, vulnerability management, and cloud security, with the ability to work collaboratively across multiple teams.

Key Responsibilities

• Risk Management & Governance:
  • Identify, assess, and mitigate security risks related to IT applications and infrastructure.
  • Develop and implement risk management frameworks to ensure continuous monitoring and improvement of security postures.
  • Work with stakeholders to define and implement security policies and guidelines aligned with risk tolerance.
  • Facilitate risk assessments and security reviews across business units and IT environments.
• Compliance & Audit Functions:
  • Evaluate IT applications and infrastructure against security control frameworks (e.g., NIST, ISO 27001, CIS, SOC 2).
  • Conduct internal security audits to assess compliance with corporate security policies and regulatory requirements.
  • Identify gaps in security controls, document findings, and support remediation planning.
  • Maintain documentation and evidence for security audits and regulatory assessments.
• Vulnerability Management:
  • Collaborate with teams to analyze, categorize, and prioritize vulnerabilities based on severity, potential impact, and likelihood of exploitation.
  • Track vulnerability remediation efforts and ensure timely patching and risk mitigation.
  • Conduct regular security assessments of applications, APIs, cloud infrastructure.
• Security Operations & Monitoring:
  • Monitor security tools and analyze logs for signs of suspicious activity, vulnerabilities, or policy violations.
  • Assist with security incident response, forensic analysis, and remediation plans.
  • Engage with internal and external stakeholders, including Experian’s Cyber Fusion team, to enhance security posture.
• Security Best Practices & Governance:
  • Act as a Security Champion, training and mentoring teams on security best practices, secure coding, and compliance.
  • Assist in tracking and improving security control effectiveness across business units.
  • Promote a culture of security awareness through training and engagement programs.
• Security Technology & Automation:
  • Support the integration of security tools into CI/CD pipelines to enable automated security testing.
  • Utilize security tooling (SAST/SCA/DAST/CSPM/DSPM) to evaluate and improve security posture.
  • Enhance API security practices and application security testing methodologies.
• Collaboration & Reporting:
  • Work cross-functionally to drive security improvements.
  • Generate reports for management on vulnerability status, security incidents, and audit findings.
  • Ensure alignment of security initiatives with business objectives and risk tolerance.

Experian is the world's leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. Also, for the last five years we've been named in the 100 "World's Most Innovative Companies" by Forbes Magazine. With a focus on our employees, we have been certified for the third time as Great Place To Work (GPTW). Experian Consumer Information Services is redefining the way our clients do business within the customer credit lifecycle. Fueled by the best data and technology we help businesses make smarter decisions, identify consumers, make decisions on loans, market to prospects and collect.

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience).
• Industry certifications such as CISSP, CISM, CEH, CCSP, or CISA are a plus.
• Understanding of cloud platforms (AWS, Azure) and cloud security best practices.
• Experience with vulnerability scanning and assessment tools for applications and infrastructure.
• Familiarity with security frameworks and compliance standards (NIST, ISO 27001, SOC 2, CIS Benchmarks).
• Proficiency in security testing, penetration testing, and vulnerability analysis.
• Knowledge of security monitoring tools, intrusion detection systems, and SIEM solutions.
• Ability to assess security risks, prioritize vulnerabilities, and recommend remediations.
• Experience conducting security audits and control evaluations.
• Strong problem-solving skills and ability to work collaboratively in cross-functional teams.
• Effective written and verbal communication skills for both technical and non-technical audiences.

This is a permanent remote home-based role in Costa Rica. No relocation available.

Our benefits include: Medical, life and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is a critical part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

#LI-ML2 #LI-Remote