Internal Security Specialist
Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.
Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
- We invented the cyber ratings industry in 2011
- Over 3000 customers trust Bitsight
- Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, Argentina, and remote
Bitsight is looking for a highly experienced Security Specialist to join our growing Internal Security team. We pride ourselves in building exceptional career opportunities and offering outstanding benefits to our team. We have the enthusiasm of a start-up but the structure and solidity of a mature industry leader.
We are seeking a talented practitioner to help scale the organization's rapidly growing security capabilities and continue to evolve our protections. This role belongs to a team with many interdisciplinary skills from penetration testing to Incident response and threat hunting. You will have the flexibility to help drive the overall security strategy and be a subject matter expert with class leading security platforms. You would help define proactive and preventative security measures to keep BitSight and its employees' data safe.
Minimum 7+ years in dedicated information security roles
2+ years Enterprise Penetration Testing in Cloud and Zero Trust style environments
General Internet architecture and common network protocols
TLS/SSL and PKI cryptography
Multi-Cloud environments, architectures, and related security technologies/vendors
Strong understanding of Security Incident Handling or Response (SOC, DFIR, or Threat hunting)
Strong understanding of least access principles
Strong understanding of defense-in-depth methodology
Strong understanding of TCP/IP networking
Strong understanding of common authentication protocols and procedures
Excellent verbal and written communication skills for multiple audiences (technical, non-technical, and senior executive leadership)
Comfortable both in team settings and as a strong autonomous individual contributor
has desire to learn, teach, and mentor
Detection Engineering (Suricata, Yara, Sigma, etc.)
Familiarity with threat hunting, common adversarial tools, tactics, and procedures (TTPs)
Container security technologies
Common revision control and CI/CD pipeline tools and procedures
Experience with a broad array of security assessments:
web application testing and fuzzing
Physical security testing
Wireless security and signal testing
source code analysis
Social engineering lure and payload development
Experience with peta-scale data sets
Common Audit Standards and Controls Frameworks (SOC2, CIS, NIST 800 series, ISO 27001, NIST CSF)
Moderate understanding of web application or RESTful API development
Moderate understanding of Operating System Design, Hardening, and Exploit mitigation features
Python and an eye for the automation of tedious repetitive tasks
AWS/Google/Azure Cloud Security Certifications
SANS GCIA/GCIH/GCFA/GCTI, GPEN/GXPN, GWAPT
Offensive Security OSCP/OSCE
ISC2: CCSP, CISSP, CISA
Diversity. Bitsight is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.
Culture. We put our people first. Bitsight offers best in class benefits. We devote the same energy to nurturing our company's inclusive culture as we apply to serving our customers' needs. Working at Bitsight will give you the opportunity to fulfill your professional goals and expand your skills.
Open-minded. If you got to this point, we hope you’re feeling excited about the job description you just read. Even if you don’t feel that you meet every single requirement, we still encourage you to apply. We’re eager to meet people that believe in Bitsight’s mission and can contribute to our team in a variety of ways.
Additional Information for United States of America Applicants:
Bitsight also provides reasonable accommodations to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email . This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
Qualified applicants with criminal histories will be considered for employment consistent with applicable law.
This position may be considered a promotional opportunity pursuant to the Colorado Equal Pay for Equal Work Act.