Cyber Security Analyst - Offensive Vulnerability Mgmt
México City, Ciudad de Mexico - Mexico
Nissan Motor Corporation
With a focus on Mobility, Operational Excellence, Value to our Customers and the Electrification of vehicles, you can expect to be part of something exciting. From the sleek design of our vehicles to the unique opportunities we offer around the globe, Nissan exemplifies ingenuity in everything we do. Our people are what drive the business forward.
We’re currently looking for a Cyber Security Analyst (Remote) to join our InfoSec Offensive Vulnerability Management, Threat Intelligence, Application Code Scanning, Penetration Testing team in Mexico City, MX. The Cyber Security Analyst is an advanced and highly trusted role supporting the enterprise cybersecurity program. Additionally, the analyst serves across all areas of threat intelligence to help inform and defend the business, and protect brand reputation. The analyst monitors application, host and network threats, including external threat actors and rogue insiders. The analyst understands that systems and applications may have weaknesses that can be exploited by external threat actors and potentially lead to a breach. Given that vulnerability management and risk exposure extend across all technical systems enterprise-wide, responsibilities of this position include identifying assets and vulnerabilities, reporting, remediation and continuous assessment.
As a trusted member of the cybersecurity team and industry community, the analyst works closely with internal technical teams, business units and external entities aligned with the business, including private intelligence-sharing groups, law enforcement, government agencies and public affiliation peers.
The Cyber Security Analyst is responsible for conducting in-depth research, documenting threats, understanding the risk to the business, and sharing information with those who need to know. Among the research conducted, the analyst will seek to uncover patterns and trends and be forward-thinking as to how threats may evolve. Furthermore, the analyst will participate in simulation exercises designed to uncover weaknesses related to threats, with the goal of implementing defensive solutions prior to attacks and disrupting attacks in progress. The analyst will also distill threat intelligence so technical and non-technical contacts can understand it and make educated decisions about next-step actions. The Cyber Security Analyst works in tandem with the Manager and Sr. Manager to elevate the company’s security posture.
Job Duties:
· Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
· Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
· Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
· Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
· Procure and maintain tools and scripts used in asset discovery and vulnerability status.
· Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.
· Document and formally report testing initiatives, along with remediation recommendations and validation.
· Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
· Develop and maintain tools and scripts used in penetration-testing and red team processes.
· Support purple team exercises designed to build strength across disparate teams.
· Work closely with the security operations center (SOC) to leverage intelligence sources, identify new threats in the wild and verify the organization’s security posture against them.
· Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization’s security posture against them.
· Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.
· Maintain an active database comprising third-party assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.
Skills and Experience:
· At least 2-5+ years' experience in information security administration, offensive tactics, monitoring and IR.
· Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
· Competent with testing frameworks and tools such as Burp Suite, Cobalt Strike, Kali Linux, Nessus, and PowerShell Empire.
· Experience conducting penetration-testing/red team engagements as a consultant or within a previous role in a professional organization.
· Strong operating system knowledge across *nix, Windows and Mac; proficient with networking protocols.
· Proficient with vulnerability management solutions such as Qualys, Nessus, Kenna Security, Tanium and open source.
· Experience stabilizing systems to run minimal application requirements, least privilege and additional host hardening.
· Understanding of Windows and *nix operating systems, endpoint applications, networking protocols and devices.
· Preferably some experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).
· Experience conducting organization-wide vulnerability scanning and remediation processes.
· Ability to obtain and maintain persistence within corporate systems, while avoiding detection.
· Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
· Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
Education
· Bachelor's degree in a related discipline or equivalent work experience.
Professional security certifications preferred
· Has one or more security certifications, including GCED, OSCP, OSCE, GCIH, GPEN, GWAPT or CISSP.
Frameworks
· Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives such as the Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX) and the General Data Protection Regulation (GDPR).
Welcome to an open lane of possibility. Drive your career forward and join the company leading the technology and business evolution of the automotive industry by applying today.
Nissan is committed to a drug-free workplace. All employment is contingent upon successful completion of a drug screen for roles based in the United States and background screening for all positions.
All of us at Nissan – regardless of functional area or expertise – share a passion to design, manufacture, and sell high-performance vehicles. It is Nissan’s policy to provide Equal Employment Opportunity (EEO) to all persons regardless of race, gender, military status, disability, or any other status protected by law. Candidates for this position must be legally authorized to work in the United States and will be required to provide proof of employment eligibility at the time of hire; Nissan uses E-Verify to validate employment eligibility. **Visa sponsorship for this position is not available at this time.**
Tags: Analytics Application security AWS Azure Bash Burp Suite CISSP Cloud Cobalt Strike Compliance EDR Firewalls GCED GCIH GCP GDPR GLBA GPEN GWAPT HIPAA IDS Intrusion prevention IPS Kali Linux MITRE ATT&CK Monitoring Nessus Open Source OSCE OSCP OWASP Pentesting PowerShell Python Qualys Red team Ruby Scripting SDLC SIEM SOC SOX Threat intelligence TTPs Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development Equity / stock options