Cybersecurity Vulnerability Analyst Jobs

Create processes for IT employees to achieve security policy and cyber-risk management objectives.

Work across IT and business teams on identity and access management strategies.

Oversee security policy adherence, including the development and maintenance of security control documentation in support of audit and regulatory requirements.

Write reports on the current state of policies, incident responses, recovery capabilities, and security program trends.

Bachelor's degree in computer science, cybersecurity, or equivalent work experience.

Experience working with control frameworks, maturity models, and audit standards, including NIST, ISO, CMMI, SSAE18, etc.

Preferred skills include certifications, knowledge of cloud security tools, and familiarity with retail applications.

They will also participate in Incident Response and project management for cybersecurity implementations.

They report to the Cyber Security Manager and have no direct supervision but lead remediation efforts.

They should also be self-motivated, customer-oriented, and able to handle confidential information.

Manage and oversee the regular patch management process for third-party applications, ensuring timely updates to mitigate vulnerabilities.

Several years of hands-on experience in cybersecurity, including experience with cloud security (Azure, Office 365), SIEM, and patch management.

Lead the selection and deployment of appropriate security technologies, including SIEM solutions, endpoint protection, and vulnerability management tools.

Stay informed about emerging threats, vulnerabilities, and security technologies to adapt the company's security strategy as needed.

Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).

Certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or equivalent.

Bachelor Degree with 4 years IT security experience OR 6 years’ experience.

Experience in the following: computer architecture, operating systems, inter-process communications, networking protocols and their related implementations.

Verbal communications skills and concise written communication skills.

Bachelor’s OR Master’s Degree in Computer Science, Information Systems, or other related field. Or equivalent work experience.

Come join us and be part of a purpose driven company who is invested in your future!

Higher education or schooling industry experience

Fully Remote - must work East Coast hours

5-10 years of experience as a Windows Administrator or Desktop Security

CompTIA cert is a plus!

2+ years as a Cybersecurity Analyst

Identity & Access Management: implement identity management tools and support process improvements in diverse client environments

Possess baseline experience with tools/bodies of knowledge in chosen pillar(s)

Have knowledge of and experience employing general cybersecurity best-practices

Complete program-specific onboarding and soft skill trainings to boost confidence in field and jump-start cyber career

No more than 1 year of experience in cybersecurity field

Excellent written, oral, and collaborative communication skills

Identity & Access Management:implement identity management tools and support process improvements in diverse client environments

Possess baseline experience with tools/bodies of knowledge in chosen pillar(s)

Have knowledge of and experience employing general cybersecurity best-practices

Serve in a support role within chosen cybersecurity pillar (listed above). Responsibilities may include:

Complete program-specific onboarding and soft skill trainings to boost confidence in field and jump-start cyber career

No more than 1 year of experience in cybersecurity field

Apply risk management concepts to mitigate vulnerabilities in system security architectures

Education and Work Experience Requirements:

Manage multiple system packages throughout the ATO process

Experience supporting various system configurations such as standalone, local area networks (LANs), and wide area networks (WANs)

Experience with planning, designing, executing, and assessing discussion-based exercises

Conduct research and reference reading in obtaining technical information

~ Experience with cybersecurity tools, processes and methodologies and framework including regulatory requirements.

~ Manage security awareness training/testing modules and related messaging.

~ Experience with security protectionary measures to meet privacy compliance and data governance.

~ Working knowledge of ISO27001 or ISO 27701 or NIST Cybersecurity Framework or CIS 18 controls.

~ Extensive knowledge in two or more of the following Security tools:

~ Excellent verbal and written communication skills to allow effective interaction with all levels of the organization.

Assist in conducting investigations of information systems security violations and incidents, reporting as necessary to management.

Qualifications: Degree in a related IT discipline. Experience may substitute for degree.

Professional growth opportunities including paid education and certifications

Ideal candidate will have Sec+/A+/Network+ certification or equivalent. Must be willing to get Sec+ certified within 6 months of hiring.

Monitor and analyze Intrusion Detection Systems (IDS) and Security Information and Event Monitoring systems (SIEM) to identify security issues for remediation.

Recognize suspicious/malicious intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.

Experience with cybersecurity management tools

3+ years of experience with complex cybersecurity projects and integrated systems

Experience with deploying, implementing, maintaining, and integrating cybersecurity tools and applications

Experience with the DOD or Navy cybersecurity

Experience with the DoD or Navy acquisition processes

Experience with security tools and devices, such as network firewalls, web proxy, intrusion prevention systems, vulnerability scanners, or penetration tools

Assists in administering vulnerability management program by conducting in-depth research and analysis on current threats and network vulnerabilities.

Administers, monitors, and reports on security information and event management and other log event sources.

1+ year hands-on experience performing SIEM event analysis.

Understanding of vulnerabilities to systems and software.

Experience with investigating common types of attacks; network packet analysis; log analysis and reviewing security events.

Excellent written and verbal communication skills

2 years of Project Management experience.

Bachelor’s Degree with 4+ years of hands-on technical experience.

CISSP and/or Network certifications are highly desirable.

Knowledge of Network Security tools, Azure & AWS Cloud Security enhancements.

Maintain IR tabletop and Risk Register documentation.

Monitor threats and remediate alerts.

2 years of Project Management experience.

Bachelor’s Degree with 4+ years of hands-on technical experience.

CISSP and/or Network certifications are highly desirable.

Knowledge of Network Security tools, Azure & AWS Cloud Security enhancements.

Maintain IR tabletop and Risk Register documentation.

Monitor threats and remediate alerts.

In-depth knowledge of common security software and hardware vulnerabilities and attack vectors. Deep familiarity with OWASP top 20.

You have writing skills and affinity for writing research papers and summarizing complex subjects into short entries.

You have some experience with vulnerability exploit development and familiarity with security assessment tools and techniques.

In-depth knowledge of security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.)

Some programming experience with scripted languages (preferably Python3) and compiled languages (preferably C).

You possess high reading comprehension, attention to detail, and deductive reasoning.

Reviewing log management systems and security information and event management (SIEM)

Participate in threat intelligence activities by monitoring and analyzing emerging threats and vulnerabilities.

Assist with security analysis of existing systems for compliance with security requirements.

Prior experience, boot camps, or internships in cybersecurity is a bonus.

Basic knowledge of at least one scripting language (Python, PowerShell, etc.).

Basic knowledge of incident response life cycle and steps.

Work with the Security Engineering team to perform tests and uncover network vulnerabilities

Experience with Endpoint Detection systems including Antivirus, Intrusion Protection: Sophos, McAfee, Crowdstrike, Palo Alto Firewalls

Experience in DLP to protect and secure Data

5-8 years experience in CyberSecurity

Must be local to Houston, TX*

Develop company-wide best practices for IT security

Professional cyber-security experience in large-scale Windows environments 5 years minimum.

Professional oral and written communication skills.

Excellent soft skills such as listening, presenting, and negotiating.

Ability to work remotely/and locally when required.

Applicant must have 5 years of relevant experience with the following:

Understanding of current threats and trends in information security.

Experience with risk management processes such as methods for assessing and mitigating risk.

Build world class communications, governance and awareness campaigns for global vulnerability management that inspire action and compliance from Technology teams.

Create and maintain vulnerability management policy, procedures, and training.

Develop reporting for Starbucks Technology leadership which provides visibility into compliance against vulnerability management security standards.

Partner with Starbucks Technology support teams to confirm that vulnerabilities are remediated within the timeframes stated by information security standards.

Working knowledge of NIST, NVD, CVSS algorithms.

• Issue Management, Audit Liaison and Support Operational Risk Assessment

• Log Analysis, Security, Vulnerabilities and Compliance

• Strong decision-making skills: problem solving, coupled with attention to detail.

• Minimum 6+ years of experience in IT

• Demonstrable experience with AWS Platform

• Excellent verbal and written communication skills.