Cybersecurity Specialist

We are looking for a Cybersecurity Specialist for our Client in Lafayette, CO for a 6 month contract.

This position is primarily responsible for detecting, analyzing, and triaging software vulnerabilities related to our product portfolio. You will work with R&D teams to help them understand the exploitability and risk tied to vulnerabilities, so they can make informed decisions on what action to take.

This is a hybrid role with 3 days per week onsite in Lafayette, CO.

Candidates must be authorized to work in the US – NO SPONSORSHIP. NO 3 rd Parties. NO EXCEPTIONS.

The Ideal Candidate Will Have Experience With

• Vulnerability analysis
• Software Bill of Material
• Threat modeling
  
  

Key Areas of Responsibility

• Monitor Dependency-Track for new vulnerabilities
• Import new and updated SBOMs into Dependency-Track
• Review SBOMs for accuracy
• Review and interpret CVEs for impact on products
• Review and interpret penetration testing results
• Work with technical experts and product owners to measure risk associated with vulnerabilities
• Document risk assessments
• Perform threat modeling
• Recommend mitigations for security risks
  
  

Qualifications

• Bachelor’s degree in computer engineering, software engineering, cybersecurity, computer science, or related field
• 2 years of experience in a cybersecurity-related role
• Experience with networking concepts
• Effective communication both verbally and in written form
• Experience with vulnerability monitoring tools such as Dependency-Track
• Experience with using the NVD
• Familiarity with the CycloneDX SBOM specification
• Experience with CVE and CWE interpretation
• Experience with CVSS scoring methodology
• Experience explaining technical concepts to non-technical individuals
• Familiarity with FDA Pre and Post-market guidance
• Familiarity with the OWASP Top 10
• Familiarity with standards such as IEC 81001-5-1 and IEC 62304
• Experience with a threat modeling tool, such as Microsoft Threat Modeling Tool