Cyber Defense Group (“CDG”) is a group of passionate information security experts working together to solve complex problems in the modern cyber age. Our clients range in size, industry and complexity, but all look to CDG to provide top-notch consultancy services. We are entrepreneurial in spirit and curious about the evolution of our industry and advancement in technology.
If you’re an A-player with a great work ethic and passion for all things security, please send your resume/CV to email@example.com.
Cybersecurity Risk Analyst
Overview: With a home base in our Downtown Los Angeles office, the Cybersecurity Risk Analyst will be responsible for monitoring, detecting, and responding to security events, incidents and threats for clients throughout Southern California. This role ensures that security risks are analyzed and triaged using a wide range of information security technologies. This role will also help improve the risk posture for clients by implementing controls to prevent or mitigate security risks and exposures. In addition, this role is responsible for overseeing security assurance programs, reporting on compliance levels, identifying non-compliance issues and security vulnerabilities, and managing remediation activities.
- Review, validate, and categorize security events using a variety of information security technologies.
- Analyze a variety of network and host-based logs to assist with security investigations.
- Thoroughly document security investigations for various stakeholders across the client companies.
- Make recommendations and/or implement security controls and countermeasures to prevent or mitigate various security risks.
- Act as an ongoing consultant to both small and large organizations, often with complex corporate structures and outdated technologies.
- Oversee the maintenance and continual improvement of vulnerability management infrastructure, initiatives, integration, processes, and technical assessment support.
- Administer routine compliance and audit functions to ensure requirements are satisfied.
- Maintain dashboards and collect metrics and reports on vulnerability findings and remediation compliance.
- Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to client environments and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams.
- Work closely with both business-oriented executives and technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively.
- Provide technical support and leadership to system owners to propose mitigation and remediation solutions to identified issues.
- Other duties as required.
- Bachelor’s degree is required. Master’s is a plus.
- At least 5 years of experience in information security, and a true passion for the work.
- An entrepreneurial spirit and a desire to work with much autonomy and often with little direction.
- Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner. The incumbent will be interfacing directly with C-level executives of client companies, and must have exceptional presentation and report-writing skills.
- In-depth experience with vulnerability assessment tools as well as manual techniques.
- Hands-on experience in tools and processes used in security event and incident detection and protection.
- Thorough understanding of well-known protocols.
- In-depth network analysis, core forensic familiarity, and incident response skills.
- Ability to multi-task and work in a fast-paced environment.
- Knowledge of information security industry and regulatory obligations (PCI DSS, SOX404, SOC1/2, ISO 27000-series, NIST Framework, etc.).
- Applicants selected for this position will require background screening and the ability to maintain a government security clearance. Applicants selected for a security clearance will be subject to a security investigation and must meet eligibility requirements for access to classified information.
- Must be available to work on an as-needed basis during critical times.
- Ability to protect all forms of highly confidential and proprietary business information and ability to maintain the highest standards of privacy and security.
- Ability to follow and abide by all information and security policies and practices.
- Ability to travel to client locations by car, train, plane, etc., sometimes on little notice.
- One or more information security certifications (e.g. CISSP, GSEC, GCIA, GCIH, GCFA, OSCP, etc.).
- Demonstrated proficiency in one or more coding languages (e.g. Python, Ruby, Perl, Bash, etc.).
Please send your resume/CV to firstname.lastname@example.org to apply for this role.