As a Cybersecurity Analyst for Victory Live, you will play a critical role in safeguarding the organization's cloud and on-premises infrastructure. You will be responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats and vulnerabilities using advanced security tools and platforms such as Proofpoint, CrowdStrike, AWS, Azure Cloud, Uptycs, Obsidian, and other security technologies. This role requires expertise in vulnerability management, threat detection, security incident response, and cloud security. You will work closely with IT teams, threat hunters, and other stakeholders to ensure the organization's security posture remains resilient against evolving cyber threats.
THE PLAN
Threat Detection & Response:
o Monitor security tools (e.g., CrowdStrike, Uptycs) for potential threats, malware, and other malicious activities.
o Investigate security incidents and respond to detected threats using endpoint detection and response (EDR) tools such as CrowdStrike.
o Collaborate with incident response teams to mitigate threats and vulnerabilities promptly.
o Participate in the on-call rotation.
Cloud Security:
o Manage and monitor cloud infrastructure security in AWS and Azure environments.
o Implement and maintain security controls across cloud platforms, ensuring compliance with organizational policies.
o Monitor cloud environments for anomalies, misconfigurations, and threats using tools like Obsidian for SaaS security.
Email Security:
o Manage and optimize email security systems, specifically Proofpoint, to detect and block phishing, spam, and email-based threats.
o Respond to email security alerts and perform in-depth investigations on suspicious email activities.
Vulnerability Management & Scanning:
o Perform vulnerability scanning using appropriate tools, identify security vulnerabilities in systems, and assist in remediation efforts.
o Track and report on vulnerability management processes and ensure that vulnerabilities are mitigated or patched according to the organization's security policies.
o Conduct regular penetration testing to assess the security of applications and networks.
Security Monitoring & Analysis:
o Use SIEM (Security Information and Event Management) systems to analyze security events, logs, and alerts.
o Correlate threat intelligence feeds with internal data to detect advanced threats.
o Perform regular analysis and reporting on security incidents, including root cause analysis.
Compliance & Risk Management:
o Ensure compliance with industry standards and frameworks such as ISO 27001, NIST, SOC 2, and other applicable regulations.
o Assist in audits and ensure that security policies and procedures are followed.
o Conduct risk assessments to evaluate the organization's exposure to cybersecurity risks.
Security Best Practices & Training:
o Assist in developing and maintaining security policies, procedures, and best practices.
o Provide security awareness training to employees, focusing on phishing, malware detection, and cloud security practices.
Requirements
Experience & Education:
o Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
o Relevant security certifications such as CISSP, CEH, CISM, CompTIA Security+, or equivalent are preferred.
o 5+ years of experience in cybersecurity or security operations.
o Proven experience in working with security tools (Proofpoint, CrowdStrike, AWS/Azure security tools, Uptycs, etc.).
o Strong knowledge of cloud security frameworks, vulnerability management, and incident response.
o Experience with regulatory compliance and security frameworks (e.g., NIST, SOC 2, ISO 27001).
o Strong analytical skills to detect and investigate security incidents.
o Knowledge of networking, operating systems (Linux, Windows), and security protocols.
o Experience in cloud infrastructure security for AWS and Azure environments.
o Familiarity with scripting languages (e.g., Python, PowerShell) is a plus.
o Excellent communication skills, with the ability to work across teams and explain security issues to non-technical stakeholders.