Thrive is hiring a
Security Engineer

Summary

Thrive is seeking a proactive and technically adept Security Engineer to contribute to their vulnerability management program and participate in autonomous penetration testing initiatives. The role involves driving vulnerability scanning activities, analyzing scanning outputs, collaborating with internal support teams and clients, managing security awareness programs, creating reports, staying informed about the latest security events, and contributing to client presentations.

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, or a related field is preferred
• Relevant cybersecurity certifications (e.g., CISSP, OSCP, Security+, GIAC and Azure certifications) are a plus
• Proven experience in vulnerability management, including scanning, analysis, and remediation
• Hands-on experience with systems and network/firewall administration
• Experience with Active Directory administration
• Experience with SIEM and EDR technologies
• Heavy experience with TCP/IP network protocols, application layer protocols (e.g., HTTP, SMTP, DNS, etc.)
• Ability to analyze a large amount of data from various sources and use this information to solve complex problems and make good decisions
• Knowledge of risk assessment tools, technologies, and methods
• Demonstrated understanding of cybersecurity threats and incident response procedures
• Proficiency in developing and automating client-facing reports
• Excellent written and verbal communication skills for both technical and non-technical audiences
• Must be able to work effectively in a team environment and collaborate within the team and other stakeholders
• Demonstrate comprehension of good security practices
• Knowledge of programming languages
• Passion for cybersecurity and continuous learning

Responsibilities

• Drive vulnerability scanning activities using industry-standard tools
• Assist with autonomous penetration testing initiatives
• Analyze scanning outputs and make informed decisions on vulnerability severity and prioritization
• Collaborate with internal support teams and clients to clearly articulate vulnerability remediation needs
• Distinguish between project-level remediation and issues covered by support offerings
• Open and track assignment tickets to ensure timely resolution
• Manage and configure security awareness training and phishing campaigns for our customers
• Customize reports to align with client reporting needs and requirements
• Creation and ongoing upkeep of materials documenting our security processes, procedures, and technologies, along with the generation of automated reports for relevant stakeholders
• Stay informed about the latest security events and techniques to proactively address emerging threats
• Contribute to the creation and updating of client security presentations