Cybersecurity Analyst - Vulnerability Management

About The Position

Requirements

• Demonstrated understanding of cybersecurity threats and vulnerability management and related IT domains.
• 3+ years’ relevant experience as a Vulnerability Analyst required.
• A degree in Computer Science, IT, Systems Engineering, or a cybersecurity-related qualification is preferred.
• Experienced as a security analyst supporting product vulnerability management processes in a cloud environment, such as AWS, EKS, Docker, etc.
• Hands-on experience with vulnerability management tools such as AWS Inspector, SonarCube, etc.
• Knowledge of containerized web application architecture and related vulnerabilities and issues.
• Deep understanding of vulnerability management, including risk assessment and remediation planning.
• Knowledge of the latest trends and awareness of current hacking techniques and cybercrime.
• Understanding of secure cloud network architectures, including CloudFormation, Kubernetes, and MongoDB.
• Experience with software development and delivery for a SaaS company.
• Familiarity with cybersecurity frameworks, such as NIST CSF.
• Attention to detail, QA skills, the ability to “think forward,” adept at problem solving and addressing issues and complications before they expand.

Nice To Haves

• Professional certifications such as Certified Ethical Hacker (CEH), Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Cloud Security Professional (CCSP) are preferred.

Responsibilities

• Responsible primarily for day-to-day product vulnerability management services and supporting infrastructure.
• Ensure product vulnerabilities are identified, prioritized, and remediated, particularly by reducing the backlog of existing product vulnerabilities.
• Ensure that releases and product changes are reviewed and approved by the Security Team.
• Collaborate with engineering teams to understand product vulnerability management needs and assist with remediation and mitigation strategies.
• Build relationships with various teams and technology owners to decrease the likelihood of friction or roadblocks.
• Schedule and assist with remediation efforts from external and internal penetration tests and assessments.
• Perform analysis of scan results, assign risk ratings for product vulnerabilities, and help prioritize remediation efforts.
• Help establish and operationalize key performance indicators, reporting, and metrics to track the maturity of the product vulnerability program.
• Oversee and help execute manual code review of key product components for security improvements.
• Help drive the security and privacy product requirements process across RunBuggy’s product lines, implementing security early in the product roadmap.
• Execute on an agreed-upon risk prioritization framework in conjunction with engineering, product, development, operations, and the Sr. Director of Security and Audit who outlines the highest risk items for action to improve RunBuggy’s product security.
• Collaborate with product and sales engineering teams for hardening applications, APIs, and micro services with security built into the services.
• Help influence new deployment models, including containers, cloud platforms, SaaS, etc., with security built into the platform.
• Help drive identification of software security findings throughout the lifecycle and the reduction of risk, working with relevant stakeholders.
• Maintain current knowledge of the RunBuggy threat landscape, including attacker tactics, techniques, and procedures.
• Other duties as assigned.

Benefits

• Market-competitive pay based on education, experience, and location.
• Highly competitive medical, dental, vision, Life w/ AD&D, Short-Term Disability insurance, Long-Term Disability insurance, pet insurance, identity theft protection, and a 401(k) retirement savings plan.
• Employee wellness program.
• Employee rewards, discounts, and recognition programs.
• Generous company-paid holidays (12 per year), vacation, and sick time.
• Paid paternity/maternity leave.
• Monthly connectivity/home office stipend if working from home 5 days a week.
• A supportive and positive space for you to grow and expand your career.