Location: Monterrey, NLE | Hybrid Type: Full-time Level: Mid-Senior About the Role We are seeking a Cloud Security Analyst specializing in Cloud Security Posture Management (CSPM) to lead cloud infrastructure security assessment and risk management across multi-cloud environments. This role is not about hands-on remediation. Instead, you will be the strategic bridge between security findings and cloud operations teams—analyzing exposures, contextualizing business risk, and coordinating remediation efforts to strengthen overall cloud posture. Key Responsibilities Cloud Posture Assessment & Analysis Continuously assess cloud infrastructure security posture using CSPM/CNAPP tools Consolidate and analyze security findings from multi-cloud environments Identify misconfigurations, compliance gaps, and security exposures Evaluate attack paths and potential exploitation vectors Risk Prioritization & Contextualization Prioritize vulnerabilities and exposures based on business impact, asset criticality, and risk context , not just severity scores Translate technical findings into business risk language for stakeholders Identify and highlight critical exposures that could directly impact operations Develop risk-based remediation roadmaps aligned with business priorities Cross-Team Collaboration & Coordination Work closely with cloud infrastructure, application, and DevOps teams to understand remediation feasibility and timelines Track remediation progress and SLA compliance Facilitate communication between security findings and execution teams Validate closure of remediated findings and prevent regression Reporting & Metrics Generate monthly executive and technical reports on cloud security posture Establish and track key risk indicators (critical exposures, identity risks, attack paths, remediation velocity) Present findings and trends to leadership and stakeholders Identify patterns and continuous improvement opportunities Business-Aligned Security Understand client business operations and how security risks impact revenue, compliance, and reputation Recommend security improvements that balance risk reduction with operational feasibility Contribute to security roadmap discussions and strategic planning What We're Looking For Essential Experience 3+ years in cloud security or security operations roles 2+ years hands-on experience with CSPM/CNAPP tools Solid understanding of AWS and Azure security (IAM, networking, storage, logging, compliance frameworks) Proven ability to **prioritize security findings in business context** —not just by CVSS score Experience coordinating with technical teams (infrastructure, cloud, DevOps) on remediation efforts Strong analytical and communication skills ; ability to translate technical details for non-technical audiences Technical Skills Vulnerability and exposure management methodologies (CVSS + business impact scoring) Understanding of cloud compliance frameworks (CIS Benchmarks, PCI-DSS, SOC2, etc.) Familiarity with ticketing systems and security incident management platforms Basic knowledge of attack paths and lateral movement in cloud environments Experience with reporting and dashboarding tools (Excel, Tableau, Power BI, or similar) Nice to Have Certifications: AWS Security Specialty, Azure Security Engineer, CCSK, or equivalent Experience with threat modeling or attack path analysis tools Familiarity with MITRE ATT&CK framework in cloud context Background in security compliance or GRC roles Bilingual (Spanish/English) What This Role Is NOT ( x ) Not a hands-on remediation role. You will not be executing security fixes or patching systems. ( x ) Not a penetration tester. This is defensive, not offensive security. ( x ) Not a cloud engineer. You're not provisioning or managing infrastructure. ( x ) Not isolated security analysis. You're embedded in the organization, understanding business impact alongside risk.