Cyber Risk Analyst

Job Description

We are looking for a Cyber Risk Analyst to conduct vulnerability scanning on enterprise assets and report discovered vulnerabilities. The successful candidate will monitor and review vulnerability and compliance scan results, tracking remediation against service objectives. They will also assist senior-level team members in developing risk-based remediation plans with proposed solutions for identified vulnerabilities. The Cyber Risk Analyst will stay informed about the threat landscape to prioritize vulnerabilities and adapt security measures accordingly. This role requires continuous, self-driven learning to stay updated on trends, strategies, and technologies in the Vulnerability Management space, along with maintaining strong working relationships and credibility amongst groups within the Sophos Managed Services organization.

Qualifications

1. 1+ years of experience in conducting vulnerability assessments and attack surface management, preferably in both IT and OT (Operational Technology) environments. 2. Must be able to thrive within a team environment as well as independently. 3. Entry-level understanding of Vulnerability Management practices and risk analytics/modeling. 4. Proficient in utilizing vulnerability scanning tools, e.g., Nessus/Tenable. 5. Experience in tracking trends and configuring systems to minimize false positives and focus on true events. 6. Exceptional writing, documentation, and presentation skills to effectively communicate findings to customers/stakeholders. 7. Ability to prioritize impactful vulnerabilities and minimize noise often associated with vulnerability tools. 8. Understanding of network-based, system-level, cloud, and application-layer attacks and their mitigation methods. 9. Understanding of vulnerability classification and scoring methodologies (CVSS, CVE, CWE) and fundamental grasp of risk vs severity. 10. Willingness to work outside of standard business hours including weekends and holidays, as the Sophos Managed Risk service operates 24X7X365. 11. Skilled in managing time independently while juggling multiple projects concurrently in a fast-paced environment. 12. Excellent customer service skills. 13. A degree in one or more of the following fields: Cybersecurity, Information Technology, Computer Science, or related fields.

Benefits

- Sophos operates a remote-first working model. - Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit. - Employee-led diversity and inclusion networks that build community and provide education and advocacy. - Annual charity and fundraising initiatives and volunteer days for employees to support local communities. - Global employee sustainability initiatives to reduce our environmental footprint. - Global fitness and trivia competitions to keep our bodies and minds sharp. - Global wellbeing days for employees to relax and recharge. - Monthly wellbeing webinars and training to support employee health and wellbeing.