Cyber Analyst

Come Build Your Career Under OUR Roof

Job Description:

The Cyber Analyst will report to the Director of Cybersecurity.

What Part Will You Play?

• This Cyber Analyst will be part of the Global Cyber Security Team tasked with supporting the Global Application Security and Vulnerability Program

• S/he will be developing Key Performance Indicators for Vulnerability Management, coordinating scanning schedules and reporting on remediation activities

What Will You Be Doing?

• This individual will ensure that vulnerabilities (infrastructure, network and endpoint) are properly identified and remediated in a timely manner in accordance with the established SLAs and with the goal of keeping GAF's application portfolio secure.

• Partnering with the Global Cyber Security Team and IT infrastructure professionals to assess potential impact and likelihood of application vulnerabilities and prioritize remediation activities

• Driving program maturity, reducing the time to vulnerability remediation by integrating technology platforms and automating processes

What Do We Require From You?

• Knowledge of industry standards relating to Vulnerability Management including:

• Common Vulnerabilities and Exposures (CVEs),

• Common Vulnerability Scoring System (CVSS),

• Open Web Application Security Project (OWASP)

• Strong written and verbal communication skills with the ability to collaborate through all parts of the business.

• Establish rapport and credibility with key stakeholders for effective oversight of remediation activities

Responsibilities:

The Cyber Analyst's job is composed of a variety of activities, centered primarily around improving overall vulnerability management security posture:

• Lead the execution of vulnerability detection capabilities for on-premise and cloud environments

• Partner with the Cybersecurity Operations team to deliver shared outcomes that improve effectiveness to detect and respond to vulnerabilities and threats

• Perform application security assessments (dynamic application security testing) for new and existing applications

• Work with the security architecture and engineering teams to develop and implement controls and configurations aligned with security policies and report key performance metrics.

• Provide metrics reporting the state of the vulnerability management program and the performance of stakeholders against requirements

LEVEL BASED COMPETENCIES:

• Good verbal, written and interpersonal communication skills

• Detailed knowledge of the Vulnerability Management life-cycle including vulnerability identification, false negative/positive identification, and elimination

• Experience developing and maintaining policies, procedures, standards and guidelines.

• Knowledge of:

• deployment in cloud environments: Azure, GCP (preferred), AWS, etc

• bonus points for containerization

• vulnerability management tools: Qualys, Nessus, Rapid7, etc

• OWASP Top 10 (Open Web Application Security Project)

• Cyber Security frameworks: MITRE ATT&CK, NIST, etc

• Excellent analytical and organizational skills

• Previous experience in an information security role, preferably vulnerability management.

• A bachelor's degree in information systems or equivalent work experience

Dimensions

No of direct reports: 0

No of indirect reports: n/a

Budget Responsibility: no

Travel Requirements: 10%

GAF is an equal opportunity employer.

We believe our employees are our greatest resource. We offer competitive salary, benefits, 401k, and vacation packages for all full time permanent positions. We are proud to be an equal opportunity workplace and GAF, Standard Logistics, SGI, and Siplast are proud to be affirmative action employers. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. If you have a disability or special need that requires accommodation, please let us know. If applying for positions in the U.S., must be eligible to work in the U.S. without need for employer sponsored visa (work permit).