Senior Information Security Analyst (ASM/VM)

About the position

Cirrus Logic is seeking a highly motivated, seasoned security professional to join Information Security as a Senior Attack Surface Management / Vulnerability Management Information Security Analyst. You will be responsible for managing the scanning architecture, as well as the program to identify, analyze, prioritize, and mitigate security vulnerabilities in our digital assets to enhance cybersecurity and protect sensitive data. This role supports business strategy in a dynamic environment.

Responsibilities

• Conduct regular vulnerability assessments to identify security weaknesses in our systems, applications, and network infrastructure.
• Analyze and prioritize vulnerabilities based on risk level and potential impact on the organization.
• Develop and implement effective mitigation strategies to address identified vulnerabilities and reduce attack surfaces.
• Collaborate with the incident response team to investigate and respond to security incidents, ensuring swift resolution and minimizing damage.
• Manage and maintain security tools and technologies used for vulnerability management, including scanning tools.
• Develop and enforce security policies, standards, and best practices to ensure compliance with industry regulations and internal security requirements.
• Prepare detailed reports on vulnerability assessment findings, mitigation efforts, and overall security posture for senior management.
• Engage in the design and support of all aspects of an information security program, including Governance Risk & Compliance, Security Operations, and Security Engineering.

Requirements

• Demonstrable experience across multiple cybersecurity domains including vulnerability management, risk management, network security, Splunk engineering, and incident response.
• Experience analyzing impact of vulnerabilities and designing solutions across Windows, Mac, Linux, Cloud, Network, Labs, and OT.
• Technical experience designing solutions across Linux, Mac, and Windows platforms.
• Strong knowledge of common vulnerabilities and attack vectors, as well as security best practices.
• One or more of the following certifications is preferred: Certified Information Systems Security Professional (CISSP); Systems Security Certified Practitioner (SSCP); GIAC Certified Intrusion Analyst (GCIA).
• Bachelor's degree in cybersecurity or have demonstrated ability as a security professional in a globally dispersed enterprise.
• Experience working in high-tech, engineering, or semiconductor industry is beneficial.
• Effective working with a globally dispersed team across multiple time zones to deliver solutions on time.
• Experience with security industry frameworks, such as NIST CSF, ISO 27000 series, FAIR risk analysis, and privacy regulations.
• Proficiency with security tools such as Qualys, Crowdstrike, and Splunk.
• Experience with incident response and threat hunting.
• Excellent analytical and problem-solving skills.
• Effective communication and interpersonal skills, with the ability to effectively convey technical information to both technical and non-technical stakeholders.
• Executive presence and comfortable engaging with leaders across the company to facilitate balanced risk discussions and decision making.

Nice-to-haves

• Experience working in high-tech, engineering, or semiconductor industry.