Stratascale Associate Security Analyst - Attack Surface

The Security Analyst – Attack Surface is a critical role within Stratascale’s Attack Surface Control (ASC) team who will assist in leading and supporting the development and delivery of a diverse range of attack surface management consulting, threat profiling, and operational service programs to a portfolio of our clients. This role will work with Stratascale’s offensive security team closely to develop attack path’s that will be performed against client’s environment as well as advise the offensive security team of any new findings discovered within the Attack Surface Control (ASC) team. 

This position will report to Charlotte, NC on a hybrid work schedule as determined by Stratascale management.

Stratascale, an SHI company, brings together the benefits of 31 years' experience delivering the very best technologies with a fresh consultative approach to designing, delivering and supporting the technology our customers need to transform their business. We call it Digital Agility.

 To learn more about Stratascale visit our website: https://stratascale.com/ 

Includes, but not limited to: 

• Consult and document attack surface, threats, and vulnerability improvements based on team’s overall assessment of client’s data. 
• Assist in performing full assessment and threat modeling against industry best practices to identify control weaknesses and assess the effectiveness of existing controls. 
• Assist performing root cause analysis on identified vulnerabilities and attack surface weaknesses to determine technical solutions to be presented to client along with recommendations for remediations. 
• Collaborate with client’s security teams to understand mitigation or resolutions for findings discovered by the analyst. 
• Review Threat Intelligence for specific threat vectors that align with client's industry or potentially impacted by to utilize in attack path modeling. 
• Engage with Stratascale Offensive Team to develop attack paths for clients. 
• Assist in defining, measuring, and quantifying business risk and vulnerability impacts to clients their stakeholders. 
• Provide mentorship and guidance to junior team members while assisting them in learning the overall processes. 

• 1+ years' experience of vulnerability management, offensive security processes, and cybersecurity operations. 
• 1+ years' experience working with offensive security tools including Nessus, BURP, Kali, Wireshark, NMap, etc. 
• 1+ years' experience with databases and CSV files to query, analyze, and identify ways to improve various management related functions and processes 
• 1+ years' experience of general Cybersecurity concepts and methods, including vulnerability management, application security, incident response, governance, risk or compliance, or security architecture 

• Demonstrate a real passion for team technology solutions design and delivery 
• Outstanding written and verbal communication and strong ability to build relationships with customers, partners and staff members 
• Proactive and self-motivated mindset  
• Ability to work effectively, add value as a team member  
• Ability to train and disseminate information within an area or operation and work effectively within all levels of an organization, both internally and externally 
• Entrepreneurial mindset with ability to identify value in unstructured situations 
• Attention to detail, organization, and follow up skills are critical 
• Ability and Initiative to research and resolve problems with a positive attitude Excellent presentation skills and comfortable leading meetings and discussions 
• Ability to develop and manage mentoring relationship by building trust, setting goals, respecting employees, promoting confidence and keeping the mentoring relationship on track 
• Ability to clearly define roles and responsibilities, establish short-and long- term goals, use open and supportive communication, and collaboratively solving problems  

Certifications below are preferred but not required 

• Industry certifications: 
  • CIAM  
  • CISM / CISA / CRISC 
  • GIAC (GSEC) 
  • TCSM / OSPC 
• Vendor Solutions and product specific certifications or experience (or equivalent):  
  • Splunk/Securonix/Sumo Logic/Exabeam/Sentinel/QRadar 
  • Crowdstrike/Sentinel One/Carbon Black/Tanium 
  • XSOAR (PAN)/Phantom(Splunk)/Swimlane/Torq 
  • MDR/MSSP security engineering experience 

• Attend virtual customer meetings when appropriate 
• Travel to customer sites, partner sites, conferences and SHI offices up to 20% annually 
• Candidate will need to have access to an international airport  

• The estimated annual pay range for this position is $60,000 - $90,000 which includes a base salary and bonus. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.
• Equal Employment Opportunity – M/F/Disability/Protected Veteran Status