Information Security Assurance Analyst Lead
Company: Crane Co.
Posted on: November 23, 2022
Position : Lead Global Information Security Assurance Analyst
Date: June, 2022
Location: US Required, Remote Department: Global Information
Reports To : Manager , Global Information Security
Do you have a passion for leading, developing and growing others?
Do you enjoy the challenges of doing effective vulnerability
management at scale? Do you enjoy testing, breaking, validating
security solutions, configurations and tooling? Have you always
wanted to make a real impact on securing an organization and seeing
your efforts result in effective delivery of security operations at
scale? We have an exciting opportunity leading in our Security
We are looking for Information Security Assurance Analyst
professionals like you to join our Team. The ideal candidate will
have a solid proficiency in penetration testing methodologies and
platforms, scripting and programming used for security testing, and
have had broad exposure to application and systems testing and
vulnerability assessments programs. You know how to be an effective
purple-teamer, and have worked to improve defensive capabilities,
detections and processes with great success.
In this role, the successful candidate will work closely with other
Global Information Security team members, both in operations and in
incident response to test our defenses, assist with planning
exercises, and guide the overall approach to mitigating risk and
closing security gaps.
You will be providing key contextual value to the business through
identifying risks and threats in a diverse and interesting
technology ecosystem. You will have exposure to best-of-breed
security solutions and work closely within the broader Global
Information Security team. You will help bring context and
criticality to drive action to shore up defenses and help define
future vision for providing holistic security to a global
You will maintain, improve and deploy solutions supporting the
assurance function, and partner with our SOC and incident
responders to "up everyone's game", from detective controls, to
process enhancements. You will work closely with our vendors to
drive the best outcomes and help ensure our needs our met.
You will help to prioritize the work of others on the assurance
team and mentor those individuals, teaching and developing them
into top-notch assurance analysts.
In this role, you will help define what secure looks like for a
global organization. Providing a critical feedback loop into
security strategy and vision, you are helping to shape the future
of technology, securely.
Responsibilities and Duties:
* Lead and advance all aspects of the Security Assurance
* Perform network and security reviews on various enterprise
systems and applications and work with security and technology
teams to ensure effective controls over security of data in various
* Evaluate the security posture of systems and security processes
to uncover vulnerabilities and potential exploitation vectors.
* Scope, lead, and participate and support sustaining vulnerability
* Ensure vulnerability operations and the timely escalation and
remediation of emerging threats.
* Document and facilitate simulations and tabletop exercises for
current and emerging threats.
* Support external penetration tests and other compliance
* Exploit suspected software and hardware vulnerabilities and
networks supporting internal testing.
* Plan and develop penetration methods, scripts and tests.
* Define testing scenarios and run tests in coordination with SOC
and IR team members.
* Decipher and implement common attack frameworks like Mitre into a
program of continuous improvement.
* Create reports and remediation recommendation from findings.
* Presenting findings and risks to both technical and non-technical
* Provide business and data Intelligence supporting threat
* Work closely with business and technology managers to fix
processes/procedures to protect systems.
* Engage with vendors and 3rd parties in the development and
execution of security testing.
* Effectively participate in data governance and risk compliance
* Raise incidents involving the potential for data loss or threats
operations or other important business areas.
* Develop and maintain reporting and metrics to support program
Qualifications and Competencies:
* Proven results performing enterprise penetration testing &
application security testing.
* Demonstratable proficiencies performing security assessments
using common open-source solutions.
* Adept in using PowerShell, Perl, Ruby and other similar languages
to support penetration testing activities.
* Strong experience in navigating vulnerability management, both
from and risk and a compliance perspective.
* Vulnerability operations, including scoping, integrating,
scheduling and delivering remediation guidance.
* Foundational level of knowledge and experience with administering
enterprise-level Information Technology systems
including networks, virtualization, cloud, operating systems,
email, storage, databases, etc.
* Ability to work both independently and as part of a small,
* Flexibility to work outside regularly scheduled/normal business
hours as required.
* Commitment to security training and earning corresponding
* Disciplined, highly motivated and self-directed, with a focus on
* Excellent verbal and written communication skills .
* Passion for solving complex problems.
* Ability to prioritize, schedule and track to deadlines.
* Required: At least 5 years relevant professional experience.
* Desired: Degree in a related field.
* Desired: Technical professional security certification such as
GEVA, GPEN, GXPN, GPYC, GDAT or similar
* Crane Co. is an Equal Opportunity Employer. Qualified applicants
will receive consideration for employment without regard to race,
color, religion, sex, age, disability, military status, or national
origin or any other characteristic protected under applicable
federal, state, or local law.
Keywords: Crane Co., Stamford , Information Security Assurance Analyst Lead, Professions , Stamford, Connecticut
Didn't find what you're looking for? Search again!