Remote - Cyber Security Analyst

Must-haves:

• 4+ years of experience within Cyber Security, Third Party Risk Management, and/or Incident Response

• Strong analytical experience – must be able to review technical artifacts to determine if they satisfy industry standard framework requirements

• Experience working with open-source intelligence (OSINT) for reconnaissance

• Experience with tools such as BitSight, Risk Recon, Security Scorecard, Recorded Future, Threat Connect, Flashpoint, RSA Archer, Nessus, or Shodan

• Familiarity with vulnerability management, penetration testing and reports, and OWASP

• Strong proficiency in Microsoft Excel, Word, and Outlook

• Excellent communication skills for reporting and presenting investigations to senior leaders

• Scripting experience - preferably with PowerShell or Python

Plusses:

• Threat Intel or incident response experience

• Experience scripting, using APIs to aggregate information

• Coursework or Certification: Ethical Hacker, CompTIA Security +, GOSI, SANS, etc.

Day-to-Day:

This individual with be joining the Continuous Monitoring program within the Third-Party Cyber Security team (risk management). The Continuous Monitoring team monitors and manages the security posture of third-party suppliers (vendors) between periodic cyber security audits. This individual will monitor, assess, and analyze third party cyber security related data from various third-party sources to both identify and action investigative opportunities and/or third-party cyber security incidents. This individual will require strong analytical skills and working well both independently and with dedicated team members. Additionally, this individual must have knowledge on cyber security risks and their potential impacts in order to correctly prioritize any potential third-party cyber security incidents, investigations, and/or vulnerabilities. This individual will coordinate with both internal stakeholders and third-party suppliers, manage ongoing investigations and vulnerabilities, and write concise investigative reports in regard to ongoing performance, risk monitoring, and third-party cyber security investigations. The ideal candidate has experience with third party risk management or investigating cyber security threats (threat intel, vulnerability management, SOC experience, etc.). This individual will also contribute to program improvements such as event and assisting in automation efforts, alert trigger modifications, and ongoing reconciliation relating to third party supplier monitoring.