Cyber Threat Analyst

Technical Cyber Threat Analyst - Programming experience - Remote - Romania

We are seeking a detail-oriented professional with a strong computer science background to join our clients dynamic team in an Cyber Threat Analysis role. You will play a crucial part in ensuring the security and compliance of our clients systems by developing and implementing robust hardening solutions.

Role Overview:

In this role, you will be responsible for developing scripts to verify systems are in alignment with industry best practices and standards such as CIS (Center for Internet Security) Benchmarks and SecPod’s OVAL (Open Vulnerability and Assessment Language) specifications. Your primary focus will be developing CIS benchmark scripts, as well as verifying vulnerability mitigations related to CVE (Common Vulnerabilities and Exposures).

Key Responsibilities:

• OS Hardening Script Development: Develop and maintain scripts to automate OS hardening tasks based on the CIS Benchmarks for various platforms (e.g., Linux, Windows).
• OVAL Policy Package Verification: Validate pre-built OVAL policy packages that are used to assess system configurations and verify compliance with industry standards (e.g., CIS Benchmarks, DISA STIGs). Ensure definitions are accurate and properly check system settings and configurations for security compliance.
• Documentation and Reporting: Maintain clear, detailed documentation on the policies and definitions being validated, along with any issues or discrepancies found during the verification process. Provide regular status updates and reports to stakeholders on verification progress.
• Collaboration: Work closely with development teams to ensure comprehensive policy validation. Provide feedback to improve its accuracy and coverage.
• Continuous Improvement: Stay up to date with the latest CIS Benchmarks, OVAL specifications, and security best practices.
• Security Best Practices Compliance: Verify that policies adhere to established security standards, and identify areas where improvements can be made to increase system hardening and vulnerability mitigation.

Required Qualifications:

• Educational Background: Bachelor’s degree in Computer Science, Information Security, or a related field. Equivalent work experience will also be considered.
• Technical Skills: Proficiency in Python, PowerShell, Bash, and Windows Batch for testing and validation purposes.
• Strong understanding of Windows Registry and Linux/Windows OS hardening practices.
• Experience with CIS Benchmarks, DISA STIGs, OVAL, or other security configuration frameworks.
• Knowledge of CVE vulnerabilities and how they are tracked and mitigated.
• Experience: Past programming or development experience (coding or scripting) is required.
• Experience in OS hardening, system security, and configuration management is preferred.
• Familiarity with security compliance tools and automated testing frameworks is a plus.
• Additional Skills & Abilities: Strong analytical and problem-solving skills.
• Ability to test and validate automated security policies, and troubleshoot issues that arise.
• Excellent written and verbal communication skills for documenting issues and reporting to management and stakeholders.
• Ability to work both independently and in a collaborative team environment.