Internal Security Specialist

BitSight

United States · Remote
Posted on Aug 3, 2023

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.
Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

  • We invented the cyber ratings industry in 2011
  • Over 3000 customers trust Bitsight
  • Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, Argentina, and remote

Bitsight is looking for a highly experienced Security Specialist to join our growing Internal Security team. We pride ourselves on building exceptional career opportunities and offering outstanding benefits to our team. We have the enthusiasm of a start-up but the structure and solidity of a mature industry leader.

We are seeking a talented practitioner to help scale the organization's rapidly growing security capabilities and continue to evolve our protections. This role belongs to a team with many interdisciplinary skills, from penetration testing to incident response and threat hunting. You will have the flexibility to help drive the overall security strategy and be a subject matter expert with class-leading security platforms. You would help define proactive and preventative security measures to keep Bitsight and its employees' data safe.

Required Skills/Experience:

  • Minimum 7+ years in dedicated information security roles

  • 2+ years Enterprise Penetration Testing in Cloud and Zero Trust style environments

  • General Internet architecture and common network protocols

  • TLS/SSL and PKI cryptography

  • Multi-Cloud environments, architectures, and related security technologies/vendors

  • Strong understanding of Security Incident Handling or Response (SOC, DFIR, or Threat hunting)

  • Strong understanding of least access principles

  • Strong understanding of defense-in-depth methodology

  • Strong understanding of TCP/IP networking

  • Strong understanding of common authentication protocols and procedures

  • Excellent verbal and written communication skills for multiple audiences (technical, non-technical, and senior executive leadership)

  • Comfortable both in team settings and as a strong autonomous individual contributor

  • Desire to learn, teach, and mentor

Desired Skills/Experience:

  • Detection Engineering (Suricata, Yara, Sigma, etc.)

  • Familiarity with threat hunting, common adversarial tools, tactics, and procedures (TTPs)

  • Container security technologies

  • Infrastructure-as-code

  • Common revision control and CI/CD pipeline tools and procedures

  • Experience with a broad array of security assessments:

    • Red teaming

    • Web application testing and fuzzing

    • Physical security testing

    • Wireless security and signal testing

    • Source code analysis

    • Social engineering lure and payload development

  • Experience with peta-scale data sets

  • Common Audit Standards and Controls Frameworks (SOC2, CIS, NIST 800 series, ISO 27001, NIST CSF)

  • Moderate understanding of web application or RESTful API development

  • Moderate understanding of Operating System Design, Hardening, and Exploit mitigation features

  • Python and an eye for the automation of tedious repetitive tasks

Preferred Certifications:

  • AWS/Google/Azure Cloud Security Certifications

  • SANS GCIA/GCIH/GCFA/GCTI, GPEN/GXPN, GWAPT

  • Offensive Security OSCP/OSCE

  • CSA: CCSK

  • ISC2: CCSP, CISSP, CISA

Diversity. Bitsight is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.

Culture. We put our people first. Bitsight offers best-in-class benefits. We devote the same energy to nurturing our company's inclusive culture as we apply to serving our customers' needs. Working at Bitsight will give you the opportunity to fulfill your professional goals and expand your skills.

Open-minded. If you got to this point, we hope you’re feeling excited about the job description you just read. Even if you don’t feel that you meet every single requirement, we still encourage you to apply. We’re eager to meet people that believe in Bitsight’s mission and can contribute to our team in a variety of ways.

Additional Information for United States of America Applicants:

Bitsight also provides reasonable accommodations to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email . This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

Qualified applicants with criminal histories will be considered for employment consistent with applicable law.

This position may be considered a promotional opportunity pursuant to the Colorado Equal Pay for Equal Work Act.