Position Description
Established in 2005 and based in Charlotte, North Carolina, Snap One is a manufacturer and exclusive source of A/V, security, control, networking, and remote management products for professional integrators. An industry leader in the pro-install channel, Snap One helps integrators build their businesses by providing a wide range of high-quality products, easily accessible through an intuitive website and backed by award-winning service and support. With a vast catalogue of today’s most popular brands, Snap One is the premier choice for professional installers across the globe. With 28 pro stores in the US, Snap One blends the benefits of ecommerce with the convenience of local stores. Additional information about Snap One and its products can be found at www.snapone.com.
We are looking for an effective problem solver and an integrator of people, processes and technology serving as a Cyber Security Analyst. In this role, you will be responsible for improving the corporate and product security risk posture through active engagement with IT, engineering, and application owners. The successful candidate will be responsible for cybersecurity reviews, vulnerability management, security awareness, IT and product security assessments, and incident response handling.
Specific Responsibilities
- Organize and maintain the cybersecurity risk portfolio within Snap One’s risk management system
- Identify, classify and categorize assets from a Cybersecurity perspective and actively work on security controls implementation Work directly with the application, product, and data owners to drive mitigation of known risk
- Implement risk ratings, models, and hierarchies to identify the impact, severity, and overall risk of vulnerabilities
- Review red teaming results with key stakeholders providing scoring to prioritize remediation efforts.
- Conduct security awareness training, tabletop exercises and focused training sessions.
- Maintains Information Security policies, standards, procedures, technical security baselines as applicable
- Regularly contribute to management reports covering information security risk treatment, mitigation, and risk metrics.
- Evaluate third-party risks resulting from the company’s engagement or use of partners, vendors, suppliers, and technology or data-related products.
- Advise and consult with team and stakeholders in the following control areas is required: authentication, authorization, access controls (network and user), secure transmission and storage, encryption/key management, segmentation and network zoning, data flows, third party access, and connectivity and functional purpose
- Familiarity with classes of vulnerabilities and appropriate remediation of industry-standard classification schemes (CVE, CVSS, CPE)
- In-depth and up-to-date understanding of the threat landscape and the techniques to defend against them – including tactics, techniques, and procedures.
Required Qualifications
- Qualified candidates possess a Bachelor’s Degree in Computer Science, Information Security, or equivalent work experience
- Minimum 2 years of work experience in technical security architecture and design
- Strong understanding of industry frameworks and best practices (ex. NIST, ISO, OWASP, CIS, etc.)
- Working knowledge of cloud security concepts and professional hands-on experience documenting and implementing security controls of the same
- A functional understanding of network, application, and platform security tools and concepts
- Understanding of application, system, and security threats, attack techniques, and mitigating controls
- Experience with assessment, implementation, optimization, and documentation of a broad set of security technologies and processes such as data protection, cryptography, key management, identity and access management, systems security, network security within IaaS, PaaS and SaaS environments, and CI/CD pipeline tooling and deployments
- Detailed understanding of network design, security protocols, and cloud integration security, with excellent analytical and problem-solving skills.
- Understanding of project management skills, including design review, threat modeling, and risk profiling while working across a large, distributed organization. Must apply the knowledge to a diverse IT community to include policy, regulations, and compliance requirements.
- Must be team-oriented with proven skills in influencing people without direct management authority and motivating them to mitigate risk within required timelines successfully.
- Excellent communication skills, including both verbal and written
- Consistently demonstrates quality and effectiveness in work documentation and organization
- The ideal candidate must be able to convey complex security issues and risks while maintaining a positive relationship with key stakeholders
- Cyber Security certification (CompTIA Security+, CEH..ETC) will be considered as an asset
- Experience driving measurable improvement in monitoring and response capabilities at scale.