Cyber Security Third Party SOC and Threat Hunting Analyst

Truist•Atlanta, GA

About The Position

This role will focus on security risks introduced by third-party vendors, SaaS platforms, and publicly exposed assets. The analyst will develop threat models, detection strategies, and monitoring capabilities to identify and reduce external and supply-chain related threats impacting the organization. The position involves designing and implementing cybersecurity solutions, performing threat modeling, security testing, and penetration testing, integrating and configuring information security technologies, serving as a technical escalation point, evaluating security threats and design options, collaborating with product and engineering teams on secure by design practices, developing security baselines and guardrails, leading incident response and forensic activities, providing guidance and training to other security engineers, and leading security engineering workstreams. Specific duties include partnering with SOC, Vendor Risk, Cloud Security, and Application Security teams, translating technical findings into business risk, developing and tuning detection use cases for vendor activity, performing threat hunting across logs and telemetry from third-party integrations, coordinating with risk management and incident response teams, performing threat modeling for SaaS applications and vendor systems, identifying abuse cases and attack paths, monitoring security threats from third-party connections, designing detection logic for anomalous activity, monitoring external threat intelligence, translating risk scenarios into automation logic, documenting integrations and workflows, and monitoring SOAR automation performance.

Requirements

Bachelor’s degree or equivalent education, training, and work-related experience.
Minimum of 5 years of experience in security engineering or related cybersecurity roles.
Advanced knowledge in cybersecurity principles, theories, and concepts.
Proven experience in software development lifecycle security practices.
Advanced knowledge of threat modeling, security testing, and penetration testing.
Experience implementing and managing complex information security technologies.

Nice To Haves

Advanced cybersecurity certifications (e.g., CISSP, CISM, CEH, GIAC).
Experience with security automation, orchestration, and advanced threat detection tools.
Familiarity with emerging cybersecurity technologies, industry trends, and strategic risk management.

Responsibilities

Designs and implements cybersecurity solutions that protect critical assets within the job area, contributing to the technical design and implementation approach while following established strategies and patterns.
Performs threat modeling, security testing, and penetration testing for the platforms and services in scope, using structured analysis to identify and remediate significant vulnerabilities.
Integrates and configures information security technologies in production environments, implementing and refining configuration patterns, automation, and handoff steps for assigned systems or services.
Serves as a technical escalation point within the team for challenging security issues, investigating root causes and developing practical, reusable fixes that improve team workflows.
Evaluates relevant security threats, tools, and design options, and provides input that helps shape technical plans, priorities, and goals for the job area.
Collaborates closely with product and engineering teammates to apply security architecture guidance, secure by design practices, and governance controls in day to day development activities.
Develops and maintains security baselines, guardrails, and control implementations for systems and applications in the area of responsibility, helping support regulatory and policy compliance.
Leads the technical execution of incident response and basic forensic activities for services in scope, following playbooks, coordinating tasks with teammates, and suggesting improvements to procedures and tooling.
Provides guidance, coaching, and informal training to other security engineers and technical teammates, sharing best practices through design and code reviews and knowledge sharing sessions.
Leads significant security engineering workstreams or end to end processes within the job area, coordinating contributions from lower level technical professionals and reviewing outputs for quality and alignment.
Partner with SOC, Vendor Risk, Cloud Security, and Application Security teams to improve controls and response playbooks.
Translate technical findings into business risk and remediation recommendations.
Develop and tune detection use cases to monitor vendor activity.
Perform threat hunting across logs, and telemetry from third-party integrations, and investigating suspicious events tied to supplier accounts, credentials, or network access.
Coordinate with third party risk management, incident response, and infrastructure teams to validate threats, contain incidents and recommend remediation steps.
Perform threat modeling for SaaS applications, third-party integrations, and vendor-hosted systems.
Identify and document abuse cases and attack paths involving external parties and publicly exposed assets.
Proactively identify, monitor, and investigate security threats originating from or leverage of third-party connections (e.g. VPN access, SFTP integrations, vendor API's, could-to-cloud integrations).
Design and enhance detection logic for anomalous activity across SaaS platforms and internet-facing systems.
Monitor external threat intelligence and vendor security events to assess potential organizational impact.
Partner with SOC, Vendor Risk, Threat Modeling, and Detection Engineering teams to translate risk scenarios into automation logic.
Document integrations, workflows, and playbooks.
Monitor performance and reliability of SOAR automations.