Vacancy expired!
- Manage vulnerability risk reduction process to elevate system Cybersecurity posture, including tracking, monitoring, following-up, and driving conversations within the organization to mitigate identified vulnerabilities.
- Effectively communicate findings and strategy to business stakeholders, including technical and executive leadership
- Utilize attacker tools, tactics, and procedures to perform analysis and validate vulnerabilities
- Develop scripts, tools, or methodologies to enhance processes
- Utilize vulnerability testing tools, scheduling and creating scans, working with teams to remediate issues
- Document, prioritize and report asset and vulnerability state, along with remediation recommendations and validation
- Identify, report, and prioritize cyber threats using threat intelligence gathering methodology
- Collect and aggregate information from a wide variety of sources and formats, including OSINT, Deep/Dark web, etc., and monitor the threat level of vulnerabilities impacting our organization.
- Provide actionable intelligence to a diverse audience, including business partners, senior leaders, and security analysts in the Office and the teams
- Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary
- Support Cyber detection and Incident Response team with context and analysis
- Manage triaging of security alerts with speed, collaboration, and accuracy, partnering with a global and broad set of stakeholders for fast resolution
- Maintain up-to-date key performance indicators (KPIs) for the Vulnerability Management and Cyber Threat Intelligence Program
- Other Cybersecurity operational and project initiative responsibilities, to be assigned
- Basic level of familiarity with cloud security concepts and technologies (AWS & Azure services), as well as typical corporate security controls (e.g., NIDS/NIPS, HIDS/HIPS, WAF, Network Firewalls, VPN, SIEM, DLP, etc.)
- Familiarity with vulnerability assessment tools and manual testing practices
- A solid grasp of the current threat landscape is required, including the latest emerging advanced persistent threats (APTs), tactics, tools, and procedures, common malware variants, and other security developments, as well as effective techniques for detecting assets vulnerable to such threats
- Familiarity with all-source intelligence collection and processing - OSINT, Client Feeds, Tools, Vendor, Partner, Deep/Dark web, etc.
- Strong analytical, problem-solving, and critical-thinking skills, and the ability to convey complex information in a clear, concise manner
- Experience with scripting using Perl, Python, bash, or other programming languages for automation
- Ability to document and explain technical details in a concise, understandable manner
- Ability to manage and balance own time among multiple tasks
- Must be eligible to work in the US without sponsorship
- A four-year bachelor’s degree or the international equivalent in the Science, Technology, Engineering, and Mathematics (STEM) disciplines
- At least one of the following certifications is required: CompTIA Security+, GIAC Security Essentials (GSEC), GIAC Information Security Fundamentals (GISF), GIAC Cyber Threat Intelligence (GCTI), GIAC Open Source Intelligence (GOSI), GIAC Certified Enterprise Defender (GCED), GIAC Critical Controls Certification (GCCC), GIAC Enterprise Vulnerability Assessor (GEVA), or equivalent certification