Job Description
This individual with be joining the Continuous Monitoring program within the Third-Party Cyber Security team (risk management). The Continuous Monitoring team monitors and manages the security posture of third-party suppliers (vendors) between periodic cyber security audits. This individual will monitor, assess, and analyze third party cyber security related data from various third-party sources to both identify and action investigative opportunities and/or third-party cyber security incidents. This individual will require strong analytical skills and working well both independently and with dedicated team members. Additionally, this individual must have knowledge on cyber security risks and their potential impacts in order to correctly prioritize any potential third-party cyber security incidents, investigations, and/or vulnerabilities. This individual will coordinate with both internal stakeholders and third-party suppliers, manage ongoing investigations and vulnerabilities, and write concise investigative reports in regard to ongoing performance, risk monitoring, and third-party cyber security investigations. The ideal candidate has experience with third party risk management or investigating cyber security threats (threat intel, vulnerability management, SOC experience, etc.). This individual will also contribute to program improvements such as event and assisting in automation efforts, alert trigger modifications, and ongoing reconciliation relating to third party supplier monitoring.
Required Skills & Experience
* 2-5+ years of experience within Cyber Security -- can be out of school
* Third Park Risk Management knowledge - understanding of frameworks + exposure or experience conducting assessments
* Strong analytical experience
* Experience working with open-source intelligence (OSINT) for reconnaissance
* Experience with tools such as BitSight, Risk Recon, Security Scorecard, Recorded Future, Threat Connect, Flashpoint, RSA Archer, Nessus, or Shodan
* Familiarity with vulnerability management, penetration testing and reports, and OWASP
* Strong proficiency in Microsoft Excel, Word, and Outlook
* Excellent communication skills for reporting and presenting investigations to senior leaders
* Scripting experience - preferably with PowerShell or Python
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.