Listing Description
The Senior Cyber Attack Surface Analyst will work as part of our threat and vulnerability management operation to help the team identify, manage, and mitigate common vulnerabilities and weaknesses.
The Senior Cyber Attack Surface Analyst reports directly to the Chief Information Security Officer and will assist with the implementation and management of core vulnerability management.
Key Requirements:
· API and Cloud experience
· Veracode for SAAS testing and Nessus for scanning.
Job Requirements:
· 3-5 years' experience leveraging vulnerability assessment platforms and custom tools to perform internal vulnerability assessments, external vulnerability identification, and code reviews.
· Strong competency and working experience with Cloud and API security.
· Strong technical competency identifying and interpreting vulnerability assessments, static application security testing and dynamic application security testing findings.
· Perform routine security assessments and follow up with appropriate stakeholders about vulnerability remediation.
· Consolidate and maintain a list of active vulnerability findings and recommend security improvements to Keyavi Data’s applications, infrastructure, systems, and end users' assets.
· Review, analyze and action third-party internal and external security and technical assessment reports (audit, vulnerability, and penetration test results, etc.) to validate the effectiveness of operational controls.
· Work with patch management teams to prioritize, track and mitigate identified vulnerabilities.
· Translates security testing findings into actionable items for both technical and executive audiences and briefs the C-Suite on remediation plans.
· Provides input and makes security recommendations to aid in the defense of Keyavi against the evolving cyber threat landscape.
· Good interpersonal, negotiation, analytical, problem-solving, and influencing skills, and attention to detail, when facilitating discussions around findings and bringing them to resolution.
· Ability to prepare detailed written reports, instructions, and other documentation and present technical findings to both technical and non-technical audiences.
· Eagerly assumes responsibility for things that need to be done, including following up with team members and leadership on outstanding items.
· Ability to take ownership of problems and work independently in a fast-paced and dynamic team environment.
· Ability to work in an environment where priorities may shift daily.
Preferred Qualifications:
· Bachelor’s Degree in Cyber Security, Computer Science, Vulnerability Assessment, Penetration Testing, or related.
· Familiarity with the implementation and utilization of vulnerability assessment platforms such as Rapid7, Tenable, RiskIQ and Qualys.
· Experience with the implementation and utilization of static and dynamic assessment platforms such as Veracode, WhiteHat Security, Checkmarx, or similar.
· Industry professional certificates such as Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), Certified Information Systems Security Professional (CISSP), or other applicable.
· Familiarity with various frameworks, including OWASP, OSSTMM, PTES, ISSAF, STRIDE Threat Modeling, NIST, MITRE ATT&CK, MITRE Common Weakness Enumeration (CWE), OCTAVE, etc.
· Ability to gather and analyze facts, draw conclusions, define problems, and suggest solutions.
· Ability to plan and manage concurrent tasks, assignments, projects, and deadlines.
· Strong organizational, administrative and documentation skills.
Listing Details
- Salary: $125000 - $150000
- Citizenship: US Citizen
- Incentives: Stock Options
- Education: Not Provided
- Travel: No Travel
- Telework: Full Telecommute