Threat and Exposure Management Analyst

About The Position

Requirements

• Good experience in threat and vulnerability management, risk assessment, secure configuration management and multi-discipline security principles.
• Basic understanding of cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls.
• Proficiency with vulnerability management tools and platforms (e.g., Qualys, Tenable, Rapid7).
• 6+ years of progressive, broad-based Information Security (IS) experience participating in projects and playing a key role toward successful security operations
• Excellent analytical and problem-solving skills, with the ability to assess complex security issues and recommend effective solutions.
• Strong communication skills, with the ability to collaborate effectively with cross-functional teams and articulate technical concepts to non-technical stakeholders.
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent years of experience in the role.

Nice To Haves

• Certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
• Experience with cloud security and enterprise risk management is a plus.
• Experience with the integration of security tools, disparate data types and systems automation is a plus.
• Experience with developing and implementing enterprise security policies.
• Knowledge of cybersecurity regulations and compliance requirements.
• Experience with threat modeling and attack surface management.
• Security incident response and coordination experience.
• Bachelor's degree in Cybersecurity, Information Technology, or a related field; advanced degree preferred.

Responsibilities

• Will be responsible for vulnerability management processes including scanning, assessment, and remediation tracking.
• Prioritize risks based on business impact and threat intelligence to guide remediation efforts.
• Collaborate with IT and business units to ensure timely resolution of identified vulnerabilities.
• Establish and maintain security governance frameworks and reporting mechanisms.
• Assist in the development of metrics and dashboards to communicate risk posture to stakeholders.
• Stay current with emerging threats, vulnerabilities, and industry best practices.
• Proposing and developing meaningful reporting to highlight key areas of risk, illustrate risk reduction, over time, and to provide actionable information for customers/stakeholders
• Leveraging scripting languages and API’s to facilitate automation, data collection and reporting
• Creating, maintaining, and driving domain-level standardized solution testing, evaluation, and operational procedures
• Creating and reviewing domain documentation to meet and exceed internal and regulatory requirements and ensure consistency across all security engineering teams
• Support incident response activities by providing context on vulnerabilities and exposures.

Benefits

• A work environment built on teamwork, flexibility, and respect.
• Professional growth and development programs to help advance your career, including tuition reimbursement.
• Team Member Vehicle Purchase Discount.
• Toyota Team Member Lease Vehicle Program (if applicable).
• Comprehensive health care and wellness plans for your entire family.
• Toyota 401(k) Savings Plan with a company match, plus an annual retirement contribution from Toyota regardless of your own contributions.
• Paid holidays and paid time off.
• Referral services for prenatal services, adoption, childcare, schools, and more.
• Tax advantaged Accounts (Health Savings Account, Health Care FSA, Dependent Care FSA).
• Relocation assistance (if applicable).