Description
Senior Cybersecurity Analyst, London
Global Cyber Security Office - The Global CSO's mission is to mitigate cyber security risk by actively working with the CBRE business, Digital & Technology and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection / monitoring capabilities globally.
The Cybersecurity team is globally responsible for tracking security weaknesses and improvement as well as helping the company apply higher security standards. Presentation, interpretation and prioritization of the data are key for targeting improvement efforts.
Key Responsibilities
• Lead the review of security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities related to business assets
• Help lead meetings with business partners to ensure remediation efforts adhere to corporate standards and policies
• Perform comprehensive vulnerability assessments and continuous monitoring across the organization
• Maintaining familiarity with industry trends and security best practices as well as contributing to the information security team's continuous improvement efforts
• Identify attack surface reduction opportunities via vulnerability data analysis, trends, and asset metadata review
• Work with other organizations such as Governance and Infrastructure to report on program status and coordinate risk tracking
• Produce visualizations of data to monitor developing trends/patterns and highlight areas of potential improvement
• Validates the vulnerabilities identified against the NIST Framework, National Vulnerability Database, MITRE ATT&CK and Security Best Practice standards such as CIS Benchmarks and vendor hardening standards
• Develop deliverable timelines and provide updates at regular cadence to the overall completeness of project efforts
• Manage the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation
• Help identify and create metrics and KPIs (Key Performance Indicators) that could be tracked to measure the operational efficiency and engineer the respective remediation
• Create and maintain documentation of implemented solutions/systems including standard operating procedures
• Manage vulnerability related tickets to ensure issues are remediated within proper timelines
• Manage the onboarding of penetration tests, track to completion, and create metrics to demonstrate progress and maturity
• Experience preparing vulnerability data and reports for both technical and executive audiences
• Producing executive metrics and aging reports for managing an effective Vulnerability Management program
Required Knowledge and Skills:
• Advanced knowledge of the OSI model and security that is associated with each layer
• Experience in information security domain (vulnerability management and technical security standards compliance monitoring programs)
• Strong working knowledge of Linux/Unix and Windows operating systems
• Expert experience with vulnerability assessment solutions
• Strong technical understanding of CVSS, OWASP Top 10 and vulnerability exploitability ratings
• Thorough understanding of TCP, UDP, HTTP, IP, and other network protocols
• Understanding of how to triage vulnerabilities and validate tool findings before reporting them or taking action
• Advanced technical writing
• Proactive go getter attitude to solve challenging problems
• Stays up to date with current vulnerabilities and vulnerability related news
• High level IT security processes
• Extensive working experience with cloud technologies and tools such as AWS and Azure
• Think positively when faced with obstacles, build on other ideas, think logically and intuitively
• Ability to use manual tools to re-create and evaluate vulnerabilities
Qualifications and Education:
• One or more security related certifications, such as CISSP, OSCP, and GIAC is highly desired
• IT infrastructure experience or equivalent skills
• Recent operational security experience
• Experience working in AWS and Azure cloud environments
• Experience with external scorecard platforms (Bitsight, RiskRecon, etc.) is preferred
Educational Requirements
- Bachelors Degree