Crunchbase

Assurance Analyst Lead (Remote or Onsite)

Crunchbase$90K — $120K *
US-AnywhereRemote in Stamford, CT
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Minimum 5 years of work experience in penetration testing & application security testing
  • Strong understanding of Linux and Windows administration
  • Experience using common offensive security tools like Metasploit, Nmap, and Burpsuite
  • Proficiency in programming languages for testing solutions, such as PowerShell, Python, and Ruby
  • Ability to work independently and in small teams
  • Excellent verbal and written communication skills
  • Desired: Technical professional security certification such as OSCP or GPEN

Responsibilities

  • Perform security reviews of systems and applications to ensure security controls are applied effectively
  • Evaluate systems to identify vulnerabilities and exploitation vectors
  • Support and participate in the vulnerability management process
  • Manage projects and hold teams accountable
  • Conduct safe exploitation of vulnerabilities to determine business impact
  • Plan and develop penetration testing methodologies and schedules
  • Create reports with findings and remediation recommendations

Benefits

  • Collaborative work environment with global security teams
  • Opportunity to impact the company’s security posture significantly
  • Engagement in both offensive operations and collaborative testing scenarios
  • Involvement in continuous learning and professional development
  • Exposure to cutting-edge security technologies and processes
Full Job Description
This role involves supporting the company's global information security program through exploitative testing for context-based risk analysis. The ideal candidate will possess proficiency in penetration testing methodologies and platforms, scripting and programming used for security testing, attacker tradecraft, and a strong understanding of system and network administration. Prior experience in offensive security is required.

In this role, the successful candidate will collaborate closely with other Global Information Security team members, both in offensive operations and collaborative purple-team scenarios involving the SOC. This collaboration will involve testing the company's defenses, assisting in planning exercises, and guiding the overall approach to mitigating risk and addressing security gaps.

Responsibilities and Duties:
  • Perform security reviews of enterprise systems, applications, and networks in coordination with local technology and security teams to ensure effective application of security controls
  • Evaluate systems and security processes to identify vulnerabilities, misconfigurations, and exploitation vectors
  • Participate in and support vulnerability management processes
  • Manage projects, holding teams and team members accountable
  • Conduct production-safe exploitation of suspected software and hardware vulnerabilities to demonstrate business impact
  • Perform periodic network traffic analysis
  • Plan and develop penetration test methodologies, automations, and schedules
  • Create reports and remediation recommendations based on findings
  • Present findings and risks to both technical and non-technical audiences
  • Provide business and data intelligence to support threat analysis
  • Consume and triage cyber threat intelligence to provide current industry-related risk context
  • Collaborate with business and technology managers to improve data protection processes and procedures
  • Engage with vendors and third parties in security testing development and execution
  • Manage and review attack surface, assigning and delegating remediation actions to the Business
  • Participate effectively in data governance and risk compliance planning
  • Raise incidents involving potential data loss or threats to data
  • Report and provide metrics to support program objectives


Qualifications and Competencies:
  • Minimum 5 years of work experience in penetration testing & application security testing
  • Strong understanding of Linux and Windows administration
  • Experience in performing security assessments using common offensive security tools such as: Metasploit, NetExec, Impacket, Nmap, Burpsuite, Pretender, etc.
  • Knowledge of command-and-control technologies and overlay networking
  • Experience in crafting spear-phishing playbooks and initial access packages
  • Proficiency in PowerShell, Perl, Ruby, Python, Go, Rust, Java, or other language(s) to create penetration testing solutions
  • Foundational knowledge of, and experience with, administering enterprise-level Information Technology systems including networks, virtualization, cloud, operating systems, Active Directory, etc.
  • Experience with Attack Surface Management tools and processes
  • Ability to work both independently and as part of a small, distributed team
  • Experience in Breach/Attack simulations and tabletop exercises
  • Flexibility to work outside regularly scheduled/normal business hours as required
  • Commitment to security training and earning corresponding certifications
  • Highly motivated and self-directed
  • Excellent verbal and written communication skills
  • Passion for solving complex problems and a drive for continuous learning
  • Ability to prioritize, schedule and track to deadlines
  • Required: Degree in a related field or at least 5 years relevant professional experience
  • Desired: Technical professional security certification such as OSCP, GPEN, or similar
  • US Person as defined under EAR PART 772 AND ITAR 120.15


This description has been designed to indicate the general nature and level of work being performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

About Crunchbase

Crunchbase is a company providing business information about private and public companies. Their content includes investment and funding information, founding members and individuals in leadership positions, mergers and acquisitions, news, and industry trends.
Learn more about Crunchbase
Industry
Founded
2007

Similar Jobs

More Jobs at Crunchbase

More Information Technology Jobs

Find similar Assurance Analyst Lead (Remote or Onsite) jobs: