Position: Analyst, Cybersecurity
Reports to: Head of Information Technology
Wafra Inc. (“Wafra”) is a leading global investment firm currently managing approximately $28 billion in assets and commitments across a variety of asset strategies. Behind our investment strategies are talented professionals, principally in New York and other financial centers, who bring expertise and experience to deliver strategic, reward-focused solutions. Wafra seeks to provide long-term investment return solutions that span not just years, but generations.
Wafra pursues excellence in all areas of its operations and activities; the IT Department is no exception. The mission statement of the IT Department is “To provide secure, high quality, simple, reliable and cost-effective technology solutions and services that align with business objectives.” The Cybersecurity Analyst is a hands-on and deeply technical position responsible for managing the entire IT stack. The position will report to the Head of Information Security. This is a hands-on position and will have responsibility for improving and maintaining the cybersecurity program at Wafra with the goal to protect the confidentiality, integrity, and availability of Wafra systems and data. The Cybersecurity Analyst is responsible for identifying, tracking and mitigating risks to the Wafra technology infrastructure and operationally running the cybersecurity program. This is a very technical role focused on monitoring, responding to incidents and creating cybersecurity controls. The Cybersecurity Analyst will be expected to identify and implement technical controls within the Wafra infrastructure environment themselves without relying on others. A key attribute for someone in this role is the ability to “change hats” when needed.
The Cybersecurity Analyst will be responsible for responding to incidents, reporting the status of the cybersecurity program and performing constant threat hunting within the environment. Understanding of cloud security will be a key element in this role.
This role will be constantly testing Wafra controls with purple/red team exercises and controls testing.
Duties and Responsibilities
- Continuously test internal controls by performing constant penetration testing, red/blue/purple teaming
- Leverage the Microsoft Azure security stack to prevent, detect and respond to threats
- Work with the SIEM to ensure appropriate alerting is in place and create SOAR automation
- Provide regular reporting on the status of the information security program to the Head of Information Security
- Lead incident response
- Work with the SOC on alerting, triaging and responding to potential incidents
- Perform risk assessments and threat modeling on all new IT changes and projects
- Develop and enhance an up-to-date information security management framework
- Lead cybersecurity projects focused on mitigating probable and impactful risks
- Remain on top of current threats and provide detailed reporting on adversaries
- Lead periodic permission reviews on all applications and data sources
- White hat hacker/penetration tester
- Hands-on experience in cloud infrastructure with Microsoft Azure preferred
- Proven capability to work alone in implementing security changes
- Strong knowledge of information security best practices, standards and frameworks, such as CIS, NIST, ISO, etc.
- Hybrid infrastructure experience required
- Bachelor’s degree
- Demonstrated hacking capabilities
- Ability to work well in evolving teams
- Adaptable to all organizational structures
- Ability to change roles to perform duties outside of comfort zone
- High degree of self-awareness with the ability to learn from mistakes
- Complex problem solver
- Fast-paced thinker and mover
- Strong written and verbal communication and presentation skills
- Exceptional soft and interpersonal skills, including teamwork, facilitation and negotiation
- Excellent planning and organizational skills
Please send your resume to [email protected] with the subject line “Cyber Security Analyst”
This description reflects management’s assignment of essential functions; it does not proscribe or restrict the tasks that may be assigned. Wafra Inc. is an equal opportunity employer.Apply for a job