← back to jobs
> job detail
S
👽Other

Sr. Risk Analyst

SentinelOne · Costa Rica
// classified as
Other (Adjacent or hard to classify.)
posted
<1d ago
location
Costa Rica
languages
go
tools
aws, azure
> stack
goawsazure
> description
<div class="content-intro"><h3>Our Purpose<strong><br></strong></h3> <p>At SentinelOne, we are driven by a clear purpose: to give the advantage to those who secure our future. As AI reshapes how organizations build, operate, and innovate, the responsibility to protect them becomes more critical than ever. When you join SentinelOne, your work helps protect global enterprises, critical infrastructure, and the technologies shaping tomorrow. If you are motivated by meaningful challenges and want your impact to be real, measurable, and global, you will find purpose here.</p> <h3>About Us<strong><br></strong></h3> <p>SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. Our AI-native platform unifies protection across endpoint, cloud, identity, data, and AI systems to deliver autonomous detection and response with clarity and speed. By combining real-time analytics, intelligent automation, and a unified data foundation, we reduce noise, simplify complexity, and empower security teams to focus on what truly matters.</p> <p>Our teams are builders, problem-solvers, and innovators committed to shaping the future of security. If you are excited to solve hard problems alongside talented, mission-driven people, we invite you to help us build a safer future for humanity.</p> <h3><strong>What Are We Looking For?</strong></h3> <p>We’re looking for people who are relentlessly curious and committed to continuous learning. AI is reshaping every function across our business, and we enable every team member, regardless of role or level, to build fluency in AI tools and concepts. Those who thrive here actively seek out new solutions, experiment thoughtfully, and apply what they learn to drive better, faster, smarter outcomes.</p></div><p class="font-claude-response-body break-words whitespace-normal">As a Senior Risk Analyst, Vendor Risk Assessment, you will be tasked with bringing technically grounded expertise to SentinelOne's Information Security GRC team. You will go beyond compliance knowledge to understand how systems work, how threats materialize, and how to evaluate vendor security controls with a critical technical eye. You will operate independently on assigned workstreams and apply hands-on IT and cybersecurity knowledge to assess risk accurately and credibly across a diverse vendor portfolio.</p> <h3 class="font-claude-response-body break-words whitespace-normal">What Will You Do?</h3> <p class="font-claude-response-body break-words whitespace-normal">Primary responsibilities include:</p> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">Conduct end-to-end vendor assessments with the ability to go beyond questionnaire responses by evaluating SOC 2 reports, penetration test findings, vulnerability disclosures, network architecture diagrams, encryption practices, and access control configurations; identify technical control gaps and translate them into actionable, risk-prioritized remediation plans.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Review and interpret vendor-provided technical documentation, including system architecture diagrams, data flow maps, hardening standards, patch management practices, and incident response capabilities; apply knowledge of common IT environments (cloud, SaaS, on-prem, hybrid) to contextualize vendor risk accurately.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Map vendor technical controls to ISO 27001, SSAE 18/SOC 2, SOX ITGC, GDPR, NIST CSF/SP 800-53, and SentinelOne's internal security policies; identify gaps where technical implementation falls short of framework requirements and drive closure with vendors.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Own Vendor Risk Assessment workstreams and short to mid-term project objectives independently; track remediation activities to completion, validate technical evidence of fixes, and escalate unresolved risk to management with clear business impact framing.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Partner with IT, Engineering, Legal, and Procurement teams to gather technical context and align on risk tolerance; communicate findings clearly to both technical teams and non-technical stakeholders by translating risk into business impact.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Stay current on the evolving threat landscape, including cloud misconfigurations, supply chain attacks, and third-party data exposure risks, and apply this awareness to refine assessment criteria; begin mentoring junior analysts on technical evaluation methods and VRA tooling.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Actively apply AI tools to automate repetitive VRA workflows, accelerate vendor assessments, generate reporting, and surface risk insights faster; be prepared to share concrete examples of how you have used AI to automate tasks, improve reporting, or solve real problems in your work.</li> </ul> <h3 class="font-claude-response-body break-words whitespace-normal">What Skills and Knowledge Will You Bring?</h3> <p class="font-claude-response-body break-words whitespace-normal">Ideal candidates will have:</p> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">6 or more years of experience in information security, IT risk, vendor/third-party risk management, or GRC, with hands-on experience assessing vendors across a range of technical environments and approximately 75 to 150 vendor assessments completed; prior experience in an IT, systems, or security engineering role is a strong plus.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Solid understanding of core IT and security domains including network security (firewalls, segmentation, VPNs, DNS), cloud platforms and shared responsibility models (AWS, Azure, GCP), Identity and Access Management (SSO, MFA, privileged access), endpoint security, patch management and vulnerability management, data protection and encryption (at rest and in transit) and DLP, logging, monitoring and SIEM concepts, and secure SDLC and application security fundamentals.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Working knowledge of ISO 27001, SOC 2 (SSAE 18), NIST CSF/SP 800-53, SOX ITGC, GDPR, and CCPA.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Bachelor's degree in Computer Science, Information Technology, Information Security, Cybersecurity, or a related technical field, or equivalent demonstrated experience.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Preferred certifications include CISA, CISM, CISSP, CompTIA Security+, ISO 27001 Lead Auditor/Implementer, CCSK, AWS/Azure Security Specialty, or equivalent.</li> </ul> <h3>Why SentinelOne?</h3> <p>AI is redefining how the world operates and rewriting the rules of security in real time, and SentinelOne was built for this moment. From day one, we architected an AI-native platform designed to operate at machine speed, not as an add-on to legacy systems but as the foundation itself. If you want to build where innovation and impact move together, this is that place.</p> <p>We invest in our Sentinels with comprehensive, competitive benefits designed to support you and your family:</p> <p><strong>Equity &amp; Rewards</strong></p> <ul> <li>Restricted Stock Units (RSUs)</li> <li>Employee Stock Purchase Plan (ESPP)</li> </ul> <p><strong>Time Off &amp; Wellbeing</strong></p> <ul> <li>Competitive leave benefits</li> <li>Gender-neutral parental leave</li> </ul> <p><strong>Insurance &amp; Financial Security</strong></p> <ul> <li>Private medical, dental, and vision insurance</li> </ul> <p><strong>Work Perks &amp; Flexibility</strong></p> <ul> <li>Global home office allowance</li> <li>Internet or mobile phone allowance</li> <li>Hybrid work model with flexible hours</li> </ul> <p><strong>Wellness &amp; Lifestyle</strong></p> <ul> <li>Wellness programs</li> </ul> <p><strong>Growth &amp; Community</strong></p> <ul> <li>In-office lunch program</li> </ul><div class="content-conclusion"><p><span style="font-weight: 400;">SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.</span></p> <p><span style="font-weight: 400;">SentinelOne participates in the E-Verify Program for all U.S. based roles.&nbsp;</span></p></div>