Exposure Management Analyst

Position Overview:

Our Client is seeking a passionate and experienced Exposure Management Analyst to join our Cybersecurity organization. This is a technical, hands-on role that requires the ability to assess exposures, analyze risks, and advise strategies to mitigate exposure. This role will support day-to-day continuous threat and exposure management operations focused on identifying and escalating exposed risks. Work outputs will support implementation of security technologies and controls to improve defensive posture, implementation of processes in support of investigations, and development of detection capabilities.

Qualifications:

· Bachelor’s degree in computer science, technology, engineering or security-related field or equivalent experience

· Minimum 5 years IT or security experience

· Demonstrated expertise in supporting vulnerability and patch management programs, enhancing application security, and conducting thorough analyses of potential exposures

· Experience working with vulnerability scanning, attack surface management, and cloud security posture management tools

· Understanding of OWASP common vulnerabilities and testing methodologies

· Understanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channel, replay, return-oriented attacks)

· Understanding and familiarity with different operating systems (e.g., Windows and LINUX/UNIX systems)

· Knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices.

· Experience building interactive dashboards and reports in PowerBI to visualize security metrics and exposure management data, including remediation progress, risk exposure, etc.

· Proficient in Microsoft Excel, including advanced functions such as PivotTables, VLOOKUP, and data analysis tools to organize, summarize, and interpret complex datasets.

· Experience using a SIEM to run search queries, perform log analysis, and build dashboards to monitor potential exposures

· Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments

· Ability to thrive in a fast-paced environment, demonstrating adaptability and flexibility in response to changing priorities and emerging threats.

· Experience driving discussions and consensus across a broad group of stakeholders and cross functional teams regarding patching, security recommendations, and mitigations strategies

· Strong verbal and written communication skills, with the ability to work independently and collaboratively within a team. Proven experience interacting with both technical and non-technical stakeholders.

Job Responsibilities:

· Support day-to-day operations of the exposure management program, including data review, report processing, and trend analysis. Track remediation of identified risks and mitigation strategies and escalate findings to key stakeholders.

· Ability to analyze potential security risks and determine applicability to our environment

· Execute emergency vulnerability workflows and procedures

· Stay informed about publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).

· Map vulnerability assessment results to asset inventory and key stakeholders. Calculate prioritization based on risk assessment.

· Identify and recommend appropriate compensating controls to manage and remediate vulnerability risk with the focus on reducing potential impacts

· Support development of vulnerability metrics and remediation-related dashboards and reports

· Understand enterprise policies and advise policies and technical standards with specific regard to vulnerability management, scanning procedures and secure configuration

· Coordinate with key business partners to understand, prioritize, and coordinate vulnerability remediation activities

· Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Technology Organization functions and business partners

· Understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs

· Demonstrates strong critical thinking and curiosity, essential for effectively analyzing and addressing security threats and vulnerabilities.

· Demonstrate company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment

Job Requirements:

· Required to submit to a thorough background examination

· Ability to understand business requirements and present appropriate solutions

· Ability to work independently or within a team

· Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments

· Solid verbal and written communication skills

· Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions

· Must pass NERC CIP & Insider Threat Protection background checks

· One or more relevant industry certifications (i.e., GSEC, CISSP, CISA)

· Occasional travel to local and regional locations in pursuit of job duties and requirements