8 days ago

Senior Cyber Analyst, Threat Exposure Management

A.P. Moller - Maersk

On Site
Full Time
DKK 700,000
Lisbon, Portugal

Job Overview

Job Title: Senior Cyber Analyst, Threat Exposure Management
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: DKK 700,000
Location: Lisbon, Portugal

Job Description

About the Role: Senior Cyber Analyst, Threat Exposure Management

We are seeking a Senior Cyber Analyst, Threat Exposure Management, specializing in Application Security (AppSec) and AI within the 'Identify' Capability. This critical role focuses on managing the attack surface and continuously evaluating the accessibility, exposure, and exploitability of our environments and assets.

The 'Identify' capability is responsible for building and running all services—technology, people, and processes—to perform Threat Exposure Management. This includes managing the output and collaborating with stakeholders to resolve any discovered issues. As part of this function, the Senior Cyber Analyst, Threat Exposure Management, will oversee the continuous evolution of the organization’s threat exposure management lifecycle and reduction programs within a defined scope, reporting directly to the Cyber Manager, Threat Exposure Management.

This position ensures that exposures across Code, Application, and AI environments are proactively identified, prioritized, validated, and remediated, aligning with business risk and operational resilience requirements.

The ideal candidate will have a strong track record in performing in-depth technical assessments and delivering clear, expert insights on identified vulnerabilities and exposures, including validation, prioritization, and contextual analysis. You will help establish and refine best practices for threat exposure management and vulnerability management, while effectively influencing stakeholders across the organization. The role demands advanced technical expertise in exposure analysis and both defensive and offensive security, with the ability to lead detailed technical discussions and conduct complex investigations across Identity technologies.

Key Responsibilities

  • Threat Exposure Management and Vulnerability Management
    • Perform detailed analysis of vulnerabilities and exposures across the attack surfaces of source-code repositories, applications, and AI/ML ecosystems.
    • Support other attack surface technologies such as IT, OT/ICS, cloud environments, containers, applications, identity systems, and data platforms.
    • Execute the full exposure lifecycle: asset discovery, authenticated scanning, enumeration, exploitability assessment, enrichment, and risk-based prioritization.
    • Maintain reliable integration and data quality across VM, CTEM, AppSec, CSPM, ASM/EASM, and asset-inventory platforms for complete and accurate attack-surface visibility.
    • Collaborate with Threat Intelligence, Red Team, and Incident Response to validate exploit paths, map findings to adversary TTPs, and translate technical risks into clear remediation actions.
    • Assess cloud, code assets, and AI/ML technologies for misconfigurations, privilege issues, insecure interfaces, and emerging exposure patterns, supporting timely remediation and control hardening.
  • Operational Excellence & Quality Obsession
    • Contribute to Standard Operating Procedures (SOPs), playbooks, and continuous-improvement initiatives across VM and CTEM services, ensuring consistent, repeatable processes and high-standard deliverables.
    • Support optimization of VM, ASM/EASM, CSPM, CTEM, and AppSec toolsets, ensuring reliable coverage, accurate data, and high-fidelity results.
    • Ensure high data-quality standards across exposure findings, asset attribution, prioritization logic, and reporting outputs.
    • Collaborate effectively across Identity, Respond, Detect, Protect, Strategy, Delivery, Platform Engineering, Threat Intelligence, Architecture, Risk, Issues Engineers, and Portfolio Cyber Leads to drive aligned, timely remediation outcomes.
  • Reporting, Analytics & Metrics
    • Support the production of accurate reporting and dashboards on vulnerabilities, Critically Exposed Assets (CEAs), exposure windows, burndown trends, and remediation progress, ensuring high data quality across all sources.
    • Validate and maintain data integrity by troubleshooting attribution issues, correcting inconsistencies across VM, CTEM, AppSec, CSPM, ASM/EASM, and asset-inventory platforms.
    • Analyze exposure patterns and metric trends to provide insights that support prioritization, operational decisions, and continuous-improvement actions.
    • Support leadership reporting by preparing inputs for scorecards, deep dives, and performance reviews, identifying opportunities to enhance KPIs and metric definitions.

We Are Looking For

  • 5-7+ years of progressive experience in enterprise cybersecurity with demonstrable in-depth technical expertise in Threat Exposure Management, Vulnerability Management, Defensive and Offensive Security applied to Identity technologies.
  • Experience in Application Security, Cloud Security, Data, OT/ICS, and AI/ML Security is beneficial.
  • Experience must span large-scale, heterogeneous environments with complex technology stacks.
  • Certifications such as CISSP, GIAC, Microsoft Identity and Security, IGA, PAM are advantageous, but equivalent hands-on technical capability, advanced analytical proficiency, and a strong record of continuous learning and practical security training are essential.
  • Deep understanding of vulnerability classes, exploit vectors, configuration weaknesses, and exposure patterns across Windows, Linux, network devices, cloud services, containers, applications, and OT/ICS systems.
  • Strong ability to perform exploitability assessment, correlate vulnerabilities with attacker behavior (MITRE ATT&CK), and differentiate real risk from noise or false positives.
  • Hands-on experience with VM/CTEM tooling and pipelines, including authenticated scanning, asset discovery methods, CSPM, AppSec (SAST/SCA/DAST/IaC), ASM/EASM platforms, passive/active enumeration, and validating high-risk Critically Exposed Assets (CEAs).
  • Strong capability to validate data accuracy, match assets, reconcile mismatches, and ensure consistent exposure attribution, along with the ability to analyze trend data, identify anomalies, and provide actionable insights.
  • Strong knowledge of AD/Entra ID, Kerberos, NTLM, PKI, certificate chains, CRLs/OCSP, SPNs, federation, MFA, and the ability to identify high-risk identity misconfigurations such as insecure trust relationships, expired or weak certificates, unconstrained delegation, and stale privileges.
  • Skilled in analyzing identity attack paths, identifying lateral movement, privilege escalation, token abuse, SPN abuse, mis-issued certificates, and validating high-fidelity identity exposures including certificate-related attack vectors.
  • Proficient in cloud and hybrid identity setups (Azure AD/Entra, ADFS, Azure AD Connect) including IAM roles, service principals, OAuth/OIDC flows, certificate-based authentication, SCIM provisioning, and detection of identity drift, sync failures, or insecure connectors.
  • Ability to identify cloud and DNS-related exposure paths such as dangling DNS records, orphaned service endpoints, misconfigured identity endpoints, excessive cloud privileges, insecure APIs, and domain-federation weaknesses across CSPs such as Azure, AWS, and GCP.
  • Knowledge of PAM/PAW, JIT/JEA models, IGA (SailPoint, Saviynt), and Zero Trust identity principles, with the ability to spot toxic privilege combinations, entitlement sprawl, and policy drift.
  • Ability to correlate identity exposures with adversary TTPs, credential abuse techniques, Golden Ticket/SAML attacks, and map identity weaknesses within wider attack paths across apps, cloud, and infrastructure.

Key skills/competency

  • Threat Exposure Management
  • Vulnerability Management
  • Application Security (AppSec)
  • AI/ML Security
  • Cloud Security
  • Identity and Access Management (IAM)
  • Offensive Security
  • Defensive Security
  • MITRE ATT&CK Framework
  • Data Quality Assurance

Tags:

Senior Cyber Analyst, Threat Exposure Management
Threat exposure management
Vulnerability management
Application security
AI security
Cloud security
Offensive security
Defensive security
Incident response
Risk prioritization
Stakeholder collaboration
AppSec tools
SAST
SCA
DAST
IaC
CSPM
ASM/EASM
AD/Entra ID
Kerberos
PKI
Azure
AWS
GCP
PAM/IGA platforms

How to Get Hired at A.P. Moller - Maersk

  • Research A.P. Moller - Maersk's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to align your application.
  • Tailor your Senior Cyber Analyst resume: Customize your resume and cover letter to highlight experience in AppSec, AI security, threat exposure, and vulnerability management relevant to A.P. Moller - Maersk.
  • Showcase technical expertise: Prepare to discuss hands-on experience with VM/CTEM tools, cloud identity, offensive/defensive security, and MITRE ATT&CK during interviews.
  • Demonstrate collaboration and influence: Provide examples of successful cross-functional collaboration and how you've influenced stakeholders on security initiatives at A.P. Moller - Maersk.
  • Highlight continuous learning: Emphasize your commitment to staying current with cybersecurity trends, new technologies, and evolving threat landscapes pertinent to A.P. Moller - Maersk's operations.
