Sr. Staff Cybersecurity Analyst
Sr. Staff Cybersecurity Analyst
Reporting to the Director of Information Security & Compliance, the Senior Staff Cybersecurity Analyst will actively participate in cybersecurity programs strategic design as well as operational execution. Additional facets of participation include control design, implementation, and documentation and working with internal teams and external stakeholders on technical projects, sometimes as the single technical point of contact for one or more cybersecurity projects.
The Senior Staff Cybersecurity Analyst is responsible for performing various hands-on cybersecurity activities including controls analysis and implementation at every layer of the technology architecture (application, database, host, network) and conducting technical application & architecture design reviews and gap assessments to mitigate cyber risk. Additional responsibilities may include participating in cyber event/incident response, selection/implementation of appropriate security solutions, cybersecurity audit remediation follow ups, and other risk analysis activities as needed. The Senior Staff Cybersecurity Analyst promotes an efficient and secure technology environment in alignment with present and future cyber risks.
This is a unique opportunity to join a dynamic and growing team with a fantastic organization. In this role you will be exposed to various cutting-edge technologies, including various cloud platforms and the latest cybersecurity technologies to ensure their protection. Are you ready for the challenge?
- Bachelor's degree (Masters preferred) in computer science, information technology, management information systems, or a related study or equivalent experience.
- 8-10+ years Information/Cybersecurity experience with a minimum of 6 years of cybersecurity analyst, engineer, and/or architecture experience.
- Expert-level knowledge of cybersecurity, as well as industry trends.
- Expert-level knowledge and extensive experience working with various cybersecurity aspects of cloud environments including Microsoft Azure, O365, AWS or other similar relevant environments is highly desired.
- Expert-level knowledge and experience working with Microsoft Azure-ATP, Azure Information Protection (AIP), multi-factor authentication, CloudAppSec (MCAS), Defender-ATP, EOP-ATP, Sentinel SIEM, is highly desired.
- Strong knowledge and experience working as a cybersecurity analyst working with, securing, and extracting value from various technology systems including AV/EDR, DLP, Email filtering, Firewalls/IPS, MDM, SIEM, Vulnerability management, and Web content filtering systems.
- Expert-level knowledge and extensive experience in developing cybersecurity documentation and standards.
- Experience conducting cyber event and incident analysis and consistently identifying root cause, or leading teams to identify root causes, as part of a CSIRP.
- Having an innate process-orientation and/or extensive experience working within a mature process-oriented environment and being able to translate that skillset, is highly desired.
- Strong knowledge and experience with industry-standard risk/control frameworks: AICPA SOC 1 or 2, CIS Top 20, COSO, NIST, SOX, etc. is a plus.
- Familiarity with SDLC, DevOps, as well secure software development practices and maturity models is a plus.
- Knowledge of common authentication and cryptographic standards/tools and how to secure APIs is a plus.
- Experience evangelizing cybersecurity practices across multiple technical teams.
- Experience in working with geographically distributed and culturally diverse stakeholders.
- Ability to operate autonomously and create new, robust cyber risk analyses and results.
- Ability to communicate effectively regardless of the medium and initiate, lead and organize communications on significant milestones.
- Orchestrates paradigm-shifting conversations for the team, introduces team to new opportunities for external engagement as well as personal growth.
- May independently own the design of specific cybersecurity technology strategies, tactics, and processes and oversee their implementation to achieve established goals.
- Advanced task/time management, process & project management, and business acumen (e.g. negotiation, influence, understand key business drivers etc.).
- Mentorship of team in key cyber risk analysis & project work.
LICENSES AND CERTIFICATES:
- One or more cybersecurity certifications desired: CISSP, CCSP, CSSLP, CEH, GCSA, CCNA, SANS GIAC – GSEC, GWEB, or other relevant certifications a plus.
ESSENTIAL JOB FUNCTIONS/DUTIES:
- Participate in Information Security & Compliance team strategic design as well as day-to-day operational execution.
- Act as the single technical point of contact (sometimes as hands-on SME) for multiple Cybersecurity projects and work in coordination with management/project management to achieve cybersecurity OKRs.
- Act as incident lead to ensure relevant processes are being followed (e.g. CSIRP etc.) and that the incident response team is consistently and accurately identifying root cause of suspicious cyber activity.
- Oversee and participate in cybersecurity operations (event monitoring, incident response, threat & vulnerability management etc.).
- Follow established cybersecurity procedures and recommend improvements and/or develop new policies, processes, or procedures where necessary.
- Develop robust standard operating procedures for the team where gaps are identified.
- Stay abreast of new innovations and trends related to cybersecurity-focused technologies.
- Perform security architecture implementations and reviews as needed.
- Lead the evaluation and analysis of potential new security applications and systems and make recommendations to management.
- Communicate unresolved security exposures, misuse, or non-compliance situations to management.
- Other duties as assigned by supervisor.
Optional Job Functions/Duties (Based on Experience):
- Act as Information Security team liaison with Product Security team to include recommendations on secure development as well as various other shared initiatives.
- For example, perform application security reviews and/or develop strategies and/or procedures to improve product security-specific cyber event monitoring and response activities.
- Help to ensure smooth flow of work between Information & Product Security teams.
We want to help you do the best work of your life
We believe the most valuable investment we can make — and the greatest boost we can give your career — is an exceptional team of colleagues who are passionate about what we are doing.
We currently offer the following benefits and will continually evolve them with the goal of efficiently attracting, retaining and leveraging the very highest quality talent.
- Our passionate, capable team will always be our #1 benefit
- We are proud of the team we have built so far, and we are excited about the team we have yet to add
- Learn something new every day
- Get more done than you would anywhere else
- Competitive salaries and stock option grants
- Health, dental, and vision benefits for you and your family
- Flexible work hours
- Unlimited vacation policy
- A modern 401(k) plan
- Wellness benefits (Health FSA)
We believe in Equal Opportunity
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.