Apply on Employer Site

NetSuite · 2 months ago

Principal Security Analyst, Threat and Vulnerability Management

Nashville, TN, United States

Full-time

Onsite

Lead/Staff

8+ years exp

NetSuite is looking for a senior Security Analyst for Oracle Threat and Vulnerability Management. This role involves leveraging analytical platforms to collect and analyze security signals, uncovering insights to identify and mitigate threats across the enterprise.

Cloud ComputingComputerCRMiOSSaaSSoftware

No H1B

Responsibilities

Collect, normalize, and analyze diverse security signals from endpoints, infrastructure, applications, and external intelligence sources to assess potential risks

Lead and perform security risk assessments across critical systems, applications, and processes using data-driven methodologies

Use advanced analytics tools such as Jupyter and Spark to sift through large datasets, uncover patterns, and quantify risk profiles and threat trends

Translate analytical outcomes into prioritized, actionable mitigation strategies, collaborating with engineering and operations teams to ensure timely remediation

Help drive enhancements to the vulnerability management lifecycle, including detection, validation, risk scoring, and reporting

Develop visualizations and reports to effectively communicate findings, risks, and recommendations to technical and executive stakeholders

Identify opportunities to automate repetitive tasks related to data collection, analysis, and reporting; partner with development/engineering for tool integeration

Work cross-functionally with threat intelligence, incident response, and risk management teams to ensure alignment and comprehensive coverage

Qualification

Threat/Vulnerability ManagementData AnalysisPythonJupyter NotebooksApache SparkVulnerability Assessment ToolsRisk Scoring MethodologiesMITRE ATT&CKCloud SecuritySecurity CertificationsCommunication SkillsCollaboration SkillsProblem Solving

Required

8+ years of professional experience in security operations, threat/vulnerability management, or a similar cybersecurity discipline

Strong hands-on experience with analytical and scripting tools such as Python, Jupyter Notebooks, and Apache Spark

Proven ability to process and analyze large-scale security data sets to drive actionable threat/risk insights

Deep knowledge of vulnerability assessment tools, threat modeling, risk scoring methodologies, and common attack techniques (e.g., MITRE ATT&CK)

Familiarity with enterprise networking, system administration, and major OS security concepts (Windows, Linux, cloud platforms)

Excellent written and verbal communication skills; able to clearly articulate complex technical issues to technical and non-technical audiences

Preferred

Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI)

Industry certifications such as CISSP, OSCP, GIAC, or equivalents

Proven ability to drive culture and behavioral change within engineering organizations

Ability to effectively communicate and influence secure product and network design in a collaborative environment

Experience with security operations and security alert triage processes

Knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI-DSS, HITRUST, FedRAMP, and UK Cyber Essentials

Knowledge of risk assessment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800-30

Knowledge of incident response frameworks and methodologies, including frameworks like NIST 800-61 and MITRE ATT&CK

Experience building continuous integration/deployment pipelines with robust testing and deployment schedules

Experience and understanding of cryptographic algorithms, standards, implementation and application

Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software

Experience working in large, complex global enterprise environments

Benefits

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.