Cyber Security Analyst - Ciudad de México - Nissan

Nissan

Empresa verificada

Ciudad de México

hace 1 semana

Publicado por:

Rodrigo Fernández

Reclutador de talento para beBee

Descripción

With a focus on Mobility, Operational Excellence, Value to our Customers and the Electrification of vehicles, you can expect to be part of something exciting.

From the sleek design of our vehicles to the unique opportunities we offer around the globe, Nissan exemplifies ingenuity in everything we do.

Our people are what drive the business forward.

Summary:

As a trusted member of the cybersecurity team and industry community, the analyst works closely with internal technical teams, business units and external entities aligned with the business, including private intelligence-sharing groups, law enforcement, government agencies and public affiliation peers.

The Cyber Security Analyst is responsible for conducting in-depth research, documenting threats, understanding the risk to the business, and sharing information with those who need to know.

Among the research conducted, the analyst will seek to uncover patterns and trends and be forward-thinking as to how threats may evolve.

Furthermore, the analyst will participate in simulation exercises designed to uncover weaknesses related to threats, with the goal of implementing defensive solutions prior to attacks and disrupting attacks in progress.

The analyst will also distill threat intelligence so technical and non-technical contacts can understand it and make educated decisions about next-step actions.

The Cyber Security Analyst works in tandem with Manager and Sr. Manager to elevate the company's security posture.

Job Duties:

Conduct continuous discovery and vulnerability assessment of enterprisewide assets.
Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
Communicate vulnerability results in a manner understood by technical and nontechnical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
Procure and maintain tools and scripts used in asset discovery and vulnerability status.
Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendorsupplied fixes and workarounds.
Document and formally report testing initiatives, along with remediation recommendations and validation.
Develop and maintain tools and scripts used in penetrationtesting and red team processes.
Support purple team exercises designed to build strength across disparate teams.
Work closely with the security operations center (SOC) to leverage intelligence sources, identify new threats in the wild and verify the organization's security posture against them.
Work closely with infrastructure teams to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them.
Regularly research and learn new TTPs in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary.
Maintain an active database comprising thirdparty assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business.

Skills and Experience:

At least 25+ years' experience in information security administration, offensive tactics, monitoring and IR.
Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.
Competent with testing frameworks and tools such as Burp Suite, Cobalt Strike, Kali Linux, Nessus, and PowerShell Empire.
Experience conducting penetrationtesting/red team engagements as a consultant or within a previous role in a professional organization.
Strong operating system knowledge across *nix, Windows and Mac; proficient with networking protocols.
Proficient with vulnerability management solutions such as Qualys, Nessus, Kenna Security, Tanium and open source.
Preferably some experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).
Experience conducting organizationwide vulnerability scanning and remediation processes
Ability to obtain and maintain persistence within corporate systems, while avoiding detection.
Familiarity with defensive and monitoring technologies such intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).

Education

Bachelor's degree in a related discipline or equivalent work experience.
Professional security certifications preferred
Has one or more of security certifications including GCED, OSCP, OSCE, GCIH GPEN, GWAPT, or CISSP.

Frameworks
**Nissan (NMEX,NEdM, NRFS, NRFM y ANZEN) realiza contrataciones con base al cumplimiento del perfil de puesto en