Vacancy expired!
Description: What will I be doing?We seek a candidate who has the technical expertise and communication skills to work closely with other teams at Client, such as infrastructure, cloud, external contractors, field-level IT resources, and risk management teams, as well as unaffiliated security researchers who participate in the Client Bug Bounty Program (BBP).As a Senior Cyber Security Analyst on the SecPEN team, your primary responsibilities will include assisting developers with remediating vulnerabilities discovered from security testing, triaging findings that are submitted to the Client BBP, as well as developing Client BBP KPI reports for senior management.
What are we looking for?Responsibilities:Track the lifecycle of bug bounty reports submitted through the Client Bug Bounty Program (BBP) assuring that program SLAs are met.Triage security vulnerabilities that are disclosed through the Client BBP.Facilitate communications as needed between the BBP and Client's various engineering teams, development teams, and finders.Collaborate with Client's Risk and Incident Response teams as needed to facilitate the management of reported security vulnerabilities.Schedule and assist with penetration and remediation testing for a wide variety of Client assets.Process and track all bug bounty payments to researchers and provide monthly expenditures.Analyze the data produced by Client's Bug Bounty Program using to surface trends and other insights which can be utilized to positively affect Client's security.Assist with the development of internal tooling to benefit the penetration testing and BBP programs.We believe that success in this role will demonstrate itself through the following attributes and skills:Experience in Bug Bounty Management and experience working with shifting timelines and priorities is preferred.Strong oral and written communication skills with demonstrated experience presenting to various internal and external groups.Work effectively in situations involving uncertainty or lack of information, respond favorably to change, and react decisively in an unstructured environment.Demonstrated hands-on experience with penetration testing tools, such as Burp Suite or MetasploitDeep understanding of common application security issues, such as Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF)To fulfill this role successfully, you should demonstrate the following minimum qualifications:At least three (3) years of experience in Technology or a related fieldAt least one (1) year of experience in a Cybersecurity-related roleIt would be helpful in this position for you to demonstrate the following capabilities and distinctions:Bachelor's Degree, or Associate's Degree plus five (5+) years of Technology related experience, or High School Degree/GED plus ten (10+) years of Technology related experienceExperience programming in one or more of the following languages: Python, C#, JavaScript, TypeScriptFamiliarity with one or more of the following technologies: Node.js, React, Express, GraphQL, IIS, Flask, ASP.NET, Active Directory (AD)Understanding of fundamental networking related concepts, such as the OSI model, subnetting, etc.Relevant cybersecurity certifications (e.g., OSCP, CEH)Prior security experience in a Fortune 500 or Hospitality environment Equal Opportunity Employer: Eclaro values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.