Senior Security Analyst - Vulnerability Management
Cradlepoint

Job Info

---

Overview

~This is a remote opportunity~

Cradlepoint was born in Boise and built for wireless. We are a team of authentic, hard-working, and innovative people driven by a shared vision toConnect Beyond the limits of wired networks. We help customers - big and small, across industries and around the world - utilize LTE and 5G cellular technology to connect people, places, and things, anywhere.We're at the forefront of the Wireless WAN and 5G - the next big waves in networking - and we remain as hungry and humble as the day we started. If you're hungry to be part of something big, come join us.
Responsibilities

How Will You Contribute to the Company?

Cradlepoint has an immediate opening for a lead analyst on the Attack Surface Management team to support our Global Information Security function. Organizations often see security as collections of identified vulnerabilities in silos. This role will be forward thinking and assist with developing unique solutions that are at the forefront of technology. You will primarily assist with the identification and notification of vendor patches which will be accomplished by tracking internal and external vulnerabilities, and then applying the appropriate risk ratings to prioritize remediation to ensure Cradlepoint is appropriately protected. This role will be expected to work with various teams and their managers, supervisors and/or professional staff and may lead project teams to achieve milestones or objectives, plus coordinate with IT Operations & Engineering. You will engage business personnel to ensure remediation solutions are identified, tested and made available to all groups responsible for vulnerability remediation. You will be expected to be a proactive worker and generate security solutions that enhance the business they support. You must be able to take your experience and knowledge of security to the next level and work with a world class team to deliver on the Attack Surface Management goal of developing the complete perspective for operational and management visibility of Cradlepoint's overall Attack Surface. Are you up for the challenge?

What Will You Do?

• Implement the enterprise-wide strategy and key initiatives/projects focused on the reduction of technology risk within Cradlepoint under the direction of the Director of Attack Surface Management
• Operate as a Subject Matter Expert (SME) for Vulnerability Management
• Assist in the development of solutions and solving complex/unique problems with regards to Cradlepoint's Attack Surface
• Assist in the execution of departmental plans, including business, production and/or organizational priorities and contribute to the Attack Surface Management functional strategy
• Work with IT and business teams to develop solutions that address root causes
• Utilize existing vulnerability management, security configuration management, and web application scanning tools and processes to extend coverage, increase effectiveness and expand capabilities
• Work with diverse IT and business teams to assist in developing solutions to remediate identified vulnerabilities and misconfigurations in a risk prioritized, effective and efficient fashion
• Provide support to Audit, Legal, Human Resources, Corporate Security and Executives
• Possess the ability to effectively identify, evaluate and communicate new and ongoing security threats

Qualifications

• Bachelor's degree in Information Systems, Cybersecurity, or a related field and minimum 7-10 years of relevant experience in the Information Security field. Additional years of relevant experience will be considered in lieu of a degree
• Minimum 4-6 years of experience in Information Security with experience in vulnerability management, security configurations management, or other security scanning
• Possess strong technical security skills and comprehension of security and risk
• Ability to work on complex projects and with diverse teams
• Experience with Vulnerability Management tools such as Qualys QualysGuard, Rapid7, Tenable Nessus, etc.
• Experience with Policy Compliance tools such as Qualys, Symantec CCS, Microsoft SCCM, etc.
• Experience with Web Application Scanning tools such as WhiteHat, Appscan, WebInspect, etc.
• Experience with vulnerability management tool integrations such as GRC, ticketing systems, SIEM, etc.
• Experience with SAST/DAST tools such as Synopsis, SonarQube, Veracode, Checkmarx etc.
• Experience with FOSS Scanning/SCA tools such as Blackduck, Phylum, Snyk, etc.
• Familiar with Security Single Pane of Glass implementations or frameworks such as ServiceNow, RSA Archer, Kenna, RSAM, etc.
• Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments. Extensive knowledge and experience with physical and virtual server configurations and implementations as well
• Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.)
• Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)
• Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE and Open Web Application Security Project (OWASP) processes and remediation recommendations
• Strong technical understanding and experience assessing threats to and identifying weaknesses in multiple operating system platforms, database and application servers, and custom and off-the-shelf applications, etc.
• Must be both a self-starter and team player with the ability to work independently with limited supervision
• Excellent writing and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively
• Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines
• Security-related certifications a plus - CRISC, CISSP, CISM, CEH, etc.

Note: Did you know that women and other marginalized groups often hold back on applying to jobs if they don't meet 100% of all listed requirements? We don't want you to hold back! If you don't check every single box above but still feel like you could successfully do the work, we encourage you to apply! We'd love to connect and see how you could add to our team.

Why Cradlepoint?

At Cradlepoint, we're one team - all in on inclusion. Celebrating the uniqueness of our individual team members across the globe helps us build diverse teams where we all can thrive. Our connected, community-focused culture enables each one of us to perform at our best and fully be ourselves.

Our Cradlepoint values drive everything we do:

• Stay humble and hungry: Be a curious learner, resilient, and competitive.
• Don't point a finger; lend a hand: We are one team! Communicate, provide support, and lift others.
• Make a difference: Prioritize, innovate, differentiate, and think big for customer success. Make a difference in work and in our communities.
• Keep it simple: Eliminate complexity. Reduce time to value.
• Enjoy the ride: Celebrate - appreciate - grow.
• Trust, Respect, and transparency: Be ethical, data-driven, respectful, and straight shooters who share openly.

We are creating the future of global connectivity & community. Come join us. You belong here.

Benefits & Perks:

• Competitive salary with a focus on a global market; Annual and Incremental Incentive plans; employee retirement plans (where available)
• Flexible Time Off with Global Holiday Schedules to promote work-life balance
• Wellness initiatives focused on the health and mental well-being of our team members and their families, including free membership to Headspace (a mindfulness and well-being app), an International Employee Assistance Program, and dedicated quarterly Well-being Days and No Internal Meeting Fridays.
• Ongoing training and development opportunities
• Eligible to participate in customary health and other benefit plans and programs based on location
• Work from home opportunities across our global locations with a culture rooted in inclusion and teamwork

#LI-MM1

#LI-Remote

Cradlepoint's Diversity, Equity, Inclusion, and Belonging mission is to create an inclusive work environment where all employees' differences are celebrated, their thoughts matter, and everyone feels safe to bring their authentic selves to work. We're proud to be an equal opportunity employer and aim to attract, develop, and engage top talent from a diverse candidate pool. It is our policy and commitment to provide equal opportunity employment for all persons and not discriminate in employment decisions by placing the most qualified person in each job, without regard to any other classification protected by federal, state, or local law.

This job has expired.