Attack Surface Reduction Lead - Costa Rica
Costa Rica
DeepSeas
Nearly 1,000 organizations trust DeepSeas to transform their cybersecurity program with 24x7 detection and response, pen testing, and vCISO services.
Attack Surface Reduction Lead - Costa Rica
With 30 years of experience in cyber defense, DeepSeas is trusted by nearly 1,000 clients around the world, including Fortune 100 enterprises and mid-market organizations, higher education institutions, municipality and local governments, and federal agencies. Known for its programmatic approach to continuously transforming cyber defense programs, DeepSeas is recognized by Gartner as a top 40 provider of MDR and ranked as a top 5 MDR leader in the 2024 Frost Radar™: Global Managed Detection and Response (MDR) Market. In addition to its industry-leading MDR service, DeepSeas offers a full suite of advisory, compliance, and testing services to support clients on their cybersecurity transformation journeys, with an approach to cyber defense that prioritizes technical expertise, tradecraft, and continuous innovation to deliver unparalleled results.
Position OverviewDeepSeas is a dynamic and growing organization that is seeking an Attack Surface Reduction Leader to support our growing client base. As an Attack Surface Reduction Lead Analyst, you will work full-time supporting clients' security operation center (SOC) threat and vulnerability management (TVM) teams, and support their cybersecurity strategy in alignment with their business goals and objectives.This role requires a great deal of initiative, the successful candidate will be a self-starter, will require to have a strong Vulnerability Management experience, with working knowledge of:
• Vulnerability Management Lifecycle (Identification, Prioritization, Resolution, Verification & Monitoring , Reporting)
• business best practices in the vulnerability management area,
• strong technical understanding of vulnerabilities and IT infrastructure (i.e. Firewalls, Servers, Workstations, Agents, Switches, Cloud environments, APIs, and other).
• Vulnerability Research - Conducting in-depth analysis and investigation to identify potential weaknesses and vulnerabilities in the system.
• Monitoring of Threat Intel - Continuously monitoring and staying updated with the latest threat intelligence information to proactively identify and respond to potential security threats.
• Calculate Residual Risk of Vulnerabilities to the Environment - Assessing the potential impact and risk posed by vulnerabilities to the overall environment and determining the level of residual risk.
• Prioritization of Vulnerabilities - Evaluating and ranking vulnerabilities based on their severity, potential impact, and likelihood of exploitation to prioritize remediation efforts.
• Vulnerability Management Activities - Process Execution - Implementing and executing the vulnerability management process, including vulnerability scanning, analysis, and remediation.
• Vulnerability Management Activities - Process Improvement - Continuously improving the vulnerability management process by implementing best practices, incorporating feedback, and leveraging new technologies.
• Vulnerability Management Activities - VM Recommendations - Providing recommendations and guidance on vulnerability management strategies, tools, and techniques to enhance the overall security posture.
• Vulnerability Management Activities - Apply VM Methodology - Applying a systematic and structured approach to vulnerability management, including identification, assessment, mitigation, and verification of vulnerabilities.
• Vulnerability Management Activities - Collaborate with Stakeholders - Collaborating and engaging with relevant stakeholders, such as IT teams, security professionals, and business units, to ensure effective communication and alignment in vulnerability management efforts.
• Experience: 5+ years of experience in cybersecurity vulnerability management or a related field.
• Expert level knowledge of vulnerability assessment/management tools such: Qualys, Tenable, Rapid7
• Strong project management skills, preferably in Agile methodologies
• Familiarity with OS, network architectures, and malware analysis tools.
• Understanding of MITRE ATT&CK frameworks
• Understanding of Risk Management
• Working knowledge of scripting languages as Python, PowerShell, and/or Bash
• Working experience of APIs
• Good understanding of Service Now ITSM module
• Team management skills
Certifications: CySA+, Pentest+, CEH, OSCP, or similar (Vendor related certifications for VM Products)
This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let’s talk!
Information security is everyone’s responsibility:
· Understanding and following DeepSeas’s information security policies and procedures.· Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas’s information security.· Actively participating in DeepSeas’s efforts to maintain and improve information· security.· DeepSeas considers this position is as Moderate Risk with a potential to· view/access/download restricted/private client/internal data. This information must be treated with· sensitivity and in the most secure manner. HR reserves the right to perform random background/drug· screens to ensure the safety of client/DeepSeas data
Department: Security Operations
Employment Type: Full Time
Location: Costa Rica
Description
Company BackgroundWith 30 years of experience in cyber defense, DeepSeas is trusted by nearly 1,000 clients around the world, including Fortune 100 enterprises and mid-market organizations, higher education institutions, municipality and local governments, and federal agencies. Known for its programmatic approach to continuously transforming cyber defense programs, DeepSeas is recognized by Gartner as a top 40 provider of MDR and ranked as a top 5 MDR leader in the 2024 Frost Radar™: Global Managed Detection and Response (MDR) Market. In addition to its industry-leading MDR service, DeepSeas offers a full suite of advisory, compliance, and testing services to support clients on their cybersecurity transformation journeys, with an approach to cyber defense that prioritizes technical expertise, tradecraft, and continuous innovation to deliver unparalleled results.
Position OverviewDeepSeas is a dynamic and growing organization that is seeking an Attack Surface Reduction Leader to support our growing client base. As an Attack Surface Reduction Lead Analyst, you will work full-time supporting clients' security operation center (SOC) threat and vulnerability management (TVM) teams, and support their cybersecurity strategy in alignment with their business goals and objectives.This role requires a great deal of initiative, the successful candidate will be a self-starter, will require to have a strong Vulnerability Management experience, with working knowledge of:
• Vulnerability Management Lifecycle (Identification, Prioritization, Resolution, Verification & Monitoring , Reporting)
• business best practices in the vulnerability management area,
• strong technical understanding of vulnerabilities and IT infrastructure (i.e. Firewalls, Servers, Workstations, Agents, Switches, Cloud environments, APIs, and other).
Key Responsibilities
• Vulnerability Research - Conducting in-depth analysis and investigation to identify potential weaknesses and vulnerabilities in the system.
• Monitoring of Threat Intel - Continuously monitoring and staying updated with the latest threat intelligence information to proactively identify and respond to potential security threats.
• Calculate Residual Risk of Vulnerabilities to the Environment - Assessing the potential impact and risk posed by vulnerabilities to the overall environment and determining the level of residual risk.
• Prioritization of Vulnerabilities - Evaluating and ranking vulnerabilities based on their severity, potential impact, and likelihood of exploitation to prioritize remediation efforts.
• Vulnerability Management Activities - Process Execution - Implementing and executing the vulnerability management process, including vulnerability scanning, analysis, and remediation.
• Vulnerability Management Activities - Process Improvement - Continuously improving the vulnerability management process by implementing best practices, incorporating feedback, and leveraging new technologies.
• Vulnerability Management Activities - VM Recommendations - Providing recommendations and guidance on vulnerability management strategies, tools, and techniques to enhance the overall security posture.
• Vulnerability Management Activities - Apply VM Methodology - Applying a systematic and structured approach to vulnerability management, including identification, assessment, mitigation, and verification of vulnerabilities.
• Vulnerability Management Activities - Collaborate with Stakeholders - Collaborating and engaging with relevant stakeholders, such as IT teams, security professionals, and business units, to ensure effective communication and alignment in vulnerability management efforts.
Skills Knowledge and Expertise
• Education: Bachelor's degree in Cybersecurity, Computer Science, or related field.• Experience: 5+ years of experience in cybersecurity vulnerability management or a related field.
• Expert level knowledge of vulnerability assessment/management tools such: Qualys, Tenable, Rapid7
• Strong project management skills, preferably in Agile methodologies
• Familiarity with OS, network architectures, and malware analysis tools.
• Understanding of MITRE ATT&CK frameworks
• Understanding of Risk Management
• Working knowledge of scripting languages as Python, PowerShell, and/or Bash
• Working experience of APIs
• Good understanding of Service Now ITSM module
• Team management skills
Certifications: CySA+, Pentest+, CEH, OSCP, or similar (Vendor related certifications for VM Products)
Why DeepSeas?
Why DeepSeas? At DeepSeas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren’t DeepSeas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are: · We are client obsessed. · We stand in solidarity with our teammates.· We prioritize personal health and well-being.· We believe in the power of diversity.· We solve hard problems at the speed of cyber.This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let’s talk!
Information security is everyone’s responsibility:
· Understanding and following DeepSeas’s information security policies and procedures.· Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas’s information security.· Actively participating in DeepSeas’s efforts to maintain and improve information· security.· DeepSeas considers this position is as Moderate Risk with a potential to· view/access/download restricted/private client/internal data. This information must be treated with· sensitivity and in the most secure manner. HR reserves the right to perform random background/drug· screens to ensure the safety of client/DeepSeas data
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
8
3
0
Category:
Leadership Jobs
Tags: Agile APIs Bash CEH Cloud Compliance Computer Science Cyber defense Firewalls IT infrastructure Malware MITRE ATT&CK Monitoring OSCP PowerShell Python Qualys Risk management Scripting SOC Strategy Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: Career development
Region:
North America
Country:
Costa Rica
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Security Operations Engineer jobsPenetration Tester jobsSenior Cyber Security Engineer jobsSenior Cybersecurity Engineer jobsInformation Security Officer jobsInformation Systems Security Officer jobsPrincipal Security Engineer jobsCloud Security Architect jobsSenior Network Security Engineer jobsInformation System Security Officer jobsChief Information Security Officer jobsSenior Penetration Tester jobsStaff Security Engineer jobsSecurity Specialist jobsSecurity Consultant jobsCyber Security Specialist jobsIT Security Engineer jobsSenior Information Security Analyst jobsCyber Security Architect jobsSecurity Operations Analyst jobsSenior Product Security Engineer jobsCybersecurity Consultant jobsSenior Information Security Engineer jobsInformation System Security Officer (ISSO) jobsThreat Intelligence Analyst jobs
SaaS jobsSDLC jobsMalware jobsEncryption jobsRMF jobsForensics jobsSQL jobsGDPR jobsIPS jobsSplunk jobsIDS jobsTop Secret jobsEDR jobsFinance jobsDoDD 8570 jobsTerraform jobsBash jobsITIL jobsOWASP jobsCRISC jobsUNIX jobsGIAC jobsCompTIA jobsDocker jobsIntrusion detection jobs
TCP/IP jobsBanking jobsSANS jobsThreat detection jobsData Analytics jobsActive Directory jobsPolygraph jobsCCSP jobsOSCP jobsClearance Required jobsVPN jobsCyber defense jobsIT infrastructure jobsSOC 2 jobsAnsible jobsJavaScript jobsSOX jobsDNS jobsSOAR jobsJira jobsGCIH jobsSecurity strategy jobsOracle jobsNIST 800-53 jobsCryptography jobs