Offensive Cyber Security Analyst
Franklin, Tennessee - United States of America
Nissan Motor CorporationNissan Motor Corporation Global Website: Visit the site for information about Nissan, sustainability, IR, and innovation. This site also provides various Nissan initiatives, including design, safety, quality, and community engagement.
With a focus on Mobility, Operational Excellence, Value to our Customers and the Electrification of vehicles, you can expect to be part of something exciting. From the sleek design of our vehicles to the unique opportunities we offer around the globe, Nissan exemplifies ingenuity in everything we do. Our people are what drive the business forward.
We’re currently looking for a a recent college graduate with an interest in Vulnerability Threat Management to join our team as Offensive Cyber Security Analyst at our Nissan Americas HQ in Franklin, TN (onsite).
A vulnerability threat management analyst is an advanced, hands-on practitioner and representative of the cybersecurity offensive team. The role is technical, and candidates must possess a solid understanding of information security. The role also requires an understanding of business and governance process. Vulnerability threat management analysts are responsible for the overall management lifecycle of the program. They must understand applications, operating systems, networking, cloud infrastructure and basic attacker tactics, techniques and procedures (TTPs). Additionally, analysts are expected to maintain a high level of rigor to stay up-to-date with advancements in technology, while also retaining knowledge of older systems and applications in use.
Vulnerability threat management analysts are expected to assist with strategic initiatives for short- as well as long-term plans to identify and reduce the attack surface across applications and systems. Use of automated tools to identify, assess and report is expected, with emphasis placed on effective communication to constituents relying on applications and systems that support their business. Vulnerability management analysts take an active lead to inform, advise and partner with business units to help better secure their operations. Also the role is responsible for conducting in-depth research, documenting threats, understanding the risk to the business, and sharing information with those who need to know. Among the research conducted, the analyst will seek to uncover patterns and trends and be forward-thinking as to how threats may evolve. Furthermore, the analyst will participate in simulation exercises designed to uncover weaknesses related to threats, with the goal of implementing defensive solutions prior to attacks and disrupting attacks in progress. The analyst will also distill threat intelligence so technical and non-technical contacts can understand it and make educated decisions about next-step action
- Job Description
- Work as a team to consistently learn and share advanced skills and foster team excellence.
- Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
- Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
- Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
- Procure and maintain tools and scripts used in asset discovery and vulnerability status.
- Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.
- Support internal and external auditors in their duties that focus on compliance and risk reduction.
- Collaborate with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.
- Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
- Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.
- Maintain an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
- Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of misconfiguration, compromise or information leakage.
- Periodically attend and participate in change management policy discussions and meetings.
- Define key performance indicators (KPIs) and metrics across business units to illustrate effectiveness with vulnerability management.
- Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness.
- Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
Additional Job Description
- Research current and emerging threats facing the business and industry sector.
- Track threat actor infrastructure and associated malware families.
- Centralize multiple threat sources (premium, industry-shared, open-source, dark web), correlate indicators and threats, and distill actionable intelligence.
- Use automation to efficiently streamline and de-duplicate threats for playbooks, but use human analysis for actionable decision-making.
- Actively hunt for exposures and identify incidents warranting action to disrupt and remediate threats.
- Use and assign indicator severity and impact ratings to determine appropriate plans of action.
- Document threats into contextual reports outlining severity, urgency and impact, and ensure they can be understood by both management and technical teams.
- Serve as a trusted advisor to establish credibility with business unit leadership and technical teams.
- Share relevant information with stakeholders and make recommendations for next steps when facing threats.
- Actively participate in threat hunting tabletop exercises to hone and strengthen skills across the team.
- Evaluate and implement deception techniques designed to thwart adversaries.
- Work closely with security leadership to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure.
- Actively inform and engage in security projects across the business to disrupt active or potential threats.
- Be readily available to participate in collaborative threat analysis meetings with internal and external trusted entities.
- Maintain an up-to-date level of knowledge related to security threats, vulnerabilities and mitigations to reduce attack surface, and circulate it through business units.
- Motivate business units to adopt cybersecurity controls to reduce attack surface.
- Openly support the CISO, management team and executive leadership, even during tumultuous times.
- Perform other duties as assigned.
Four-year bachelor's degree in cyber security or a related field such as information technology or Information security or computer science along with min 1 year of experience is required.
Key skills: Cyber Defense; Cyber Operations; Cyber Threat Analysis; Cyber Threat Hunting; Extensive knowledge of cybersecurity principles; Use accepted cybersecurity practices; Very knowledgeable about cybersecurity threats and vulnerabilities
All of us at Nissan – regardless of functional area or expertise – share a passion to design, manufacture, and sell high-performance vehicles. It is Nissan’s policy to provide Equal Employment Opportunity (EEO) to all persons regardless of race, gender, military status, disability, or any other status protected by law. Candidates for this position must be legally authorized to work in the United States and will be required to provide proof of employment eligibility at the time of hire. Visa sponsorship for this position is not available at this time.
NISSAN FOR EVERYONE
People are our most valuable assets, and diversity and inclusion are the key to maximizing the power of each individual member of our team. When everyone belongs, the power of NISSAN is undeniable. Our Corporate Diversity Initiative aims to improve business results by ensuring that our workplace and core businesses meet the unique needs of our employees and customer base.
Nissan is committed to creating a culture where everyone belongs and employees, customers, and partners feel respected, valued, and heard. We have over 10 Business Synergy Teams (BSTs) across the U.S. and Canada that connect employees – with shared characteristics or interests – build allies, and foster a company culture where all employees feel supported and included.
Nissan also values inclusion in all areas of our business as we strive to mirror the diversity of our customer base and the communities where we do business. We are committed to procuring innovative goods and services, retailing our products and communicating from a diverse perspective which will help us continue to offer our customers competitively designed, market-driven products.
Join us as we carry our commitment to diversity and inclusion into the future.Franklin Tennessee United States of America
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Automation Cloud Compliance Computer Science Cyber defense Governance Incident response KPIs Malware Monitoring Risk management Threat intelligence TTPs Vulnerabilities Vulnerability management
More jobs like this
Remote - Texas Remote - Texas Full TimeSenior Senior-levelUSD 150K - 190K USD 150K+
Sr Director Analyst, Technical Expert - SOC, SIEM, Network Security, Remote - USNetwork security Privacy SIEM SOC Strategy ZTNA
401(k) matching Career development Conferences Salary bonus Startup environment +1
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open o365 Security Architect jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Product Security Engineer jobs
- Open Security Researcher jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open CISM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open APIs-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open EDR-related jobs