Senior Security Analyst

Remote

Flashpoint

Flashpoint is a data and intelligence company that empowers our customers to take rapid, decisive action to stop threats and reduce risk

View company page

Company Description:

Trusted by governments and the Fortune 500, Flashpoint helps organizations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps and vendor risk management teams—rely on Flashpoint's intelligence platform to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. To learn more about Flashpoint, visit https://www.flashpoint.io or follow us on Twitter at @FlashpointIntel.

What we are looking for:

This role is for a resourceful senior level security analyst to perform vulnerability assessments and penetration testing activities, leveraging internal and external tools, automating tasks and analysis with scripting, and assessing and communicating risks of findings via written analysis.

What you will do:

  • Assess infrastructure for vulnerabilities and provide findings at direction of clients
  • Work with internal and customer teams to develop and implement red team exercise plans within legal and policy frameworks
  • Obtain malicious tools or software provided by threat actors intending to target customer networks or users, and collaborate with customers to test and document TTPs 
  • Develop and maintain tools and techniques for vulnerability research, exploit development, red teaming, and adversarial simulation.
  • Track and report on malware campaigns, threat actor groups, and TTPs by identifying malicious infrastructure
  • Work with our internal teams and tools to analyze the latest malware and vulnerabilities, and identify links between them
  • Produce concise, written analysis and/or visual presentation of findings to communicate potential risks and impact
  • Quickly understand and deliver on company and customer requirements
  • Write high quality tactical and strategic assessments to inform risk intelligence decision making process 
  • Mentor junior team members and contribute to their development

What you will bring:

  • 3+ years experience in penetration testing, red teaming, vulnerability analysis, or exploit development
  • Experience with OWASP Top 10
  • Experience analyzing vulnerabilities, exploit code, and malware
  • Strong scripting and task automation skills in Python or similar scripting languages
  • Familiarity with PHP, C, .Net, Go, and other similar languages.
  • Familiarity with Indicators of Compromise (IOCs) and mitigation strategies to protect client networks from them
  • Proficient utilizing open source command line tools, internally built tools, or external industry standard tools to find relevant data or risks
  • Strong analytical and writing skills, with ability to rapidly and accurately break down technical topics and effectively assess and communicate risks and potential impacts to a wide variety of audiences

What else would be great:

  • Experience as part of a red team or purple team in a corporate environment, or performing red team exercises on behalf of corporate clients
  • Experience with incident response or reverse engineering
  • OSCP, OSCE, OSEP, GREM, GPEN, GXPN, GWAPT, CEPT, or equivalent advanced security certification a plus
  • Proficiency in Russian, Chinese, Spanish, or other languages highly desirable
  • Familiarity with the deep and dark web or illicit communities

Why Flashpoint is a Great Place to Work:

  • Diversity.  Flashpoint is committed to fostering, cultivating and preserving a culture of diversity, inclusion, belonging, and equity. We recognize that diversity is key to achieving our vision. We believe that every person and their experiences contribute to building a work environment and products and services that will change the world.
  • Culture and Belonging.  Our company’s culture isn’t something you join, it’s something you build and shape, and each person's unique backgrounds and experiences contribute to who Flashpoint is and will become.  You will have ample opportunities to connect with coworkers through various communication channels and company-funded virtual events: book clubs, happy hours, committees, DIBE discussion group, Donut mixers, local team member meetups and much more. 
  • Perks. Flashpoint understands that personal wellness is one of the keys to a happy, healthy and productive work environment.  That’s why we also prioritize health and wellness perks like gym reimbursements, expensed lunches, cool cultural initiatives and inclusive employee events.
  • Career Growth. Flashpoint is invested in the growth of our team members and understands that frequent, two-way feedback is critical to that growth. We encourage regular one-on-ones with your manager, a regular schedule of performance reviews, learning and development opportunities, and guidance through formalized career paths; whether that be towards being a great manager, being a great individual contributor, or a lateral move to gain breadth of knowledge and experience.
  • A Great Place to Work. Literally. According to the 99% of employees surveyed, Flashpoint earned designation as a Great Place to Work-Certified™ Company for 2021. 100% of employees agree that new hires are made to feel welcome and appreciated. If you are interested in learning more, please check out our Certified Profile.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Automation C DevSecOps Exploit GPEN GREM GWAPT GXPN Incident response Malware Open Source OSCE OSCP OWASP Pentesting PHP Python Red team Reverse engineering Risk management Scripting Threat intelligence TTPs Vulnerabilities Vulnerability management

Perks/benefits: Career development Startup environment Team events Wellness

Region: Remote/Anywhere
Job stats:  31  10  0
Category: Analyst Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.