- Evaluate Suppliers’ Security Posture with a Purple Team Mindset
- Identify different existing and non-existing threat intelligence sources within the organization and outside the organization to help identify the security posture of a critical supplier (e.g., threat intelligence feeds, SASE technology data, third party identity data, email reputation data, etc.).
- Work with cross-functional teams to aggregate the data into the third-party risk management platform
Threat Simulation:
- Develop realistic attack scenarios to feed the threat model for a supplier’s security posture.
- Identify vulnerabilities to the customer from the threat model with knowledge of ethical hacking and penetration testing techniques.
Continuous Improvement:
- Stay abreast of the latest cyber threats, vulnerabilities, and industry best practices.
- Propose and implement improvements to security controls based on findings from simulations and assessments.
Security Assessments:
- Conduct security assessments on various systems, applications, and infrastructure components that are related to third party suppliers within the customer’s environment.
Training and Knowledge Sharing:
- Provide training and knowledge sharing sessions to the wider security team.
- Mentor and guide junior team members in understanding advanced cyber threats and defensive strategies related to third party IT risk management.
Required Skills:
- Proven experience in cybersecurity, including penetration testing and ethical hacking.
- Red teaming techniques, tactics, and procedures.
- Third party risk management experience or exposure.
- Vulnerability assessment.
- Hands-on experience with security tools and frameworks.
- Strong understanding of cyber threats, attack vectors, and defensive strategies.
- Proficiency in scripting and programming languages (e.g., Python, PowerShell).
- Excellent communication and collaboration skills.
Preferred Skills:
- Proven experience in cybersecurity, including penetration testing and ethical hacking.
- Hands-on experience with security tools and frameworks.
Preferred Education:
- Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CEH, OSCP) are a plus.
About Us: Hybrid Pathways is a New England-based IT professional services company that assists mid-to-large enterprises with the implementation of secure IT environments that span on-premises and public cloud platforms. Be a part of a fast-paced, growing organization focused on doing great projects for great people.
EEO Statement: Hybrid Pathways is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, marital status, national origin, genetics, disability, age, or veteran status.