Web3 Security Specialist- Internal Security

BitSight is looking for an experienced Security Specialist to join our growing Internal Security team. We pride ourselves on building exceptional career opportunities and offering outstanding benefits to our team. We have the enthusiasm of a start-up but the structure and solidity of a mature industry leader. We are seeking a talented practitioner to help scale the organization's rapidly growing security capabilities and continue to evolve our protections as the threat landscape changes. In this role, you will have the flexibility to help drive the overall security strategy and be a subject matter expert with class-leading security platforms. You would help define proactive and preventative security measures to keep BitSight and its employees' data safe. BitSight is transforming how companies manage information security risk with objective, verifiable and actionable Security Ratings. BitSight’s platform continuously analyzes vast amounts of external data on security issues and behaviors in order to help organizations manage third-party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Fifty percent of the world’s cyber insurance premiums are underwritten by BitSight customers, all four of the Big 4 accounting firms use BitSight, and four of the top five investment banks rely on our solution to manage cyber risks. Required Skills/Experience: Minimum 4+ years in dedicated information security roles TCP/IP networking TLS/SSL and PKI cryptography AWS Cloud and related security technologies/vendors SIEM and EDR Security Incident Handling or Response (SOC, DFIR, or Threat hunting) Strong understanding of least access principles Strong understanding of the defense-in-depth methodology Excellent verbal and written communication skills for multiple audiences (technical, non-technical, and senior executive leadership) Comfortable both in team settings and as a strong autonomous individual contributor Desired Skills/Experience: Detection Engineering (Suricata, Yara, sigma, etc.) Familiarity with threat hunting, common adversarial tools, tactics, and procedures (TTP) Container security Infrastructure-as-code Experience with offensive security such as penetration testing, red teaming, web application testing, and source code analysis Experience with petascale data sets Common Audit Standards and Controls Frameworks (SOC2, CIS, NIST 800 series, ISO 270001, etc) Python Preferred Certifications: AWS Certified Security Specialty SANS GCIA/GCIH/GCFA/GCTI, GPEN/GXPN, GWAPT Offensive Security OSCP/OSCE