About The Position

The Continuous Monitoring Analyst focuses on security risks introduced by third-party vendors, SaaS platforms, and publicly exposed assets. This role will develop threat models, detection strategies, and monitoring capabilities to identify and reduce external and supply-chain related threats impacting the organization.

Requirements

  • Bachelor’s degree or equivalent education, training, and work-related experience.
  • Minimum of 5 years of experience in security engineering or related cybersecurity roles.
  • Advanced knowledge in cybersecurity principles, theories, and concepts.
  • Proven experience in software development lifecycle security practices.
  • Advanced knowledge of threat modeling, security testing, and penetration testing.
  • Experience implementing and managing complex information security technologies.

Nice To Haves

  • Advanced cybersecurity certifications (e.g., CISSP, CISM, CEH, GIAC).
  • Experience with security automation, orchestration, and advanced threat detection tools.
  • Familiarity with emerging cybersecurity technologies, industry trends, and strategic risk management.

Responsibilities

  • Designs and implements cybersecurity solutions that protect critical assets within the job area, contributing to the technical design and implementation approach while following established strategies and patterns.
  • Performs threat modeling, security testing, and penetration testing for the platforms and services in scope, using structured analysis to identify and remediate significant vulnerabilities.
  • Integrates and configures information security technologies in production environments, implementing and refining configuration patterns, automation, and handoff steps for assigned systems or services.
  • Serves as a technical escalation point within the team for challenging security issues, investigating root causes and developing practical, reusable fixes that improve team workflows.
  • Evaluates relevant security threats, tools, and design options, and provides input that helps shape technical plans, priorities, and goals for the job area.
  • Collaborates closely with product and engineering teammates to apply security architecture guidance, secure-by-design practices, and governance controls in day-to-day development activities.
  • Develops and maintains security baselines, guardrails, and control implementations for systems and applications in the area of responsibility, helping support regulatory and policy compliance.
  • Leads the technical execution of incident response and basic forensic activities for services in scope, following playbooks, coordinating tasks with teammates, and suggesting improvements to procedures and tooling.
  • Provides guidance, coaching, and informal training to other security engineers and technical teammates, sharing best practices through design and code reviews and knowledge sharing sessions.
  • Leads significant security engineering workstreams or end-to-end processes within the job area, coordinating contributions from lower-level technical professionals and reviewing outputs for quality and alignment.
  • Partner with SOC, Vendor Risk, Cloud Security, and Application Security teams to improve controls and response playbooks.
  • Continuously monitor external attack surface risks for monitored suppliers and engage on remedial actions.
  • Translate technical findings into business risk and remediation recommendations.
  • Develop and tune detection use cases to monitor vendor activity.
  • Coordinate with third party risk management, incident response, and infrastructure teams to validate threats, contain incidents and recommend remediation steps.
  • Perform threat modeling for SaaS applications, third-party integrations, and vendor-hosted systems.
  • Identify and document abuse cases and attack paths involving external parties and publicly exposed assets.
  • Proactively identify, monitor, and investigate security threats originating from or leveraging third-party connections (e.g., VPN access, SFTP integrations, vendor APIs, cloud-to-cloud integrations).
  • Design and enhance detection logic for anomalous activity across SaaS platforms and internet-facing systems.
  • Monitor external threat intelligence and vendor security events to assess potential organizational impact.
  • Partner with SOC, Vendor Risk, Threat Modeling, and Detection Engineering teams to translate risk scenarios into automation logic.
  • Document integrations, workflows, and playbooks.
  • Monitor performance and reliability of SOAR automations.

Benefits

  • medical
  • dental
  • vision
  • life insurance
  • disability
  • accidental death and dismemberment
  • tax-preferred savings accounts
  • 401k plan
  • 10 days of vacation
  • 10 sick days
  • paid holidays