We're looking for someone with information security education, at least limited experience working on information security issues (6 months to 3 years), and a demonstrated passion for the security discipline. Other requirements:
- Ability to apply a risk management lens to complicated technical issues, and make recommendations about how to reduce risk.
- Intellectual curiosity about cyber security issues. You read cyber and technical blogs and websites to stay current on industry trends and emerging risks.
- Flexibility. The duties of this role will likely evolve based on the interests and capacity of the individual hired.
- Understanding of a broad range of security technologies and how they work, but not necessarily all of the details.
- Strong written and verbal communication skills. Ability to communicate technical topics to non-technical audiences.
- Problem solving skills. You don't give up. You find a way.
Experience in one or some of the following areas is preferred but not required:
- Log collection and analysis.
- Investigating cyber incidents.
- Operating and trouble-shooting security tools (SIEM, endpoint agents, CASB, etc.).
- Conducting third-party risk assessments.
- Vulnerability and patch management.
- Threat intelligence and risk assessment.
- Functional knowledge of at least one scripting language.