
3rd Party Risk Management Cyber Security Purple Team Analyst

Hybrid Pathways
Contract
Remote
United States

About the opportunity:

Hybrid Pathways is seeking a highly skilled and motivated Third-Party Risk Management Cyber Security Purple Team Analyst to join a dynamic team. As a Third-Party Risk Management Purple Team Analyst, you will play a crucial role in enhancing the overall cybersecurity posture of the customer's organization by integrating with the third-party risk management team to evaluate critical supply chain vendors' real-world cyber threats, evaluate their security controls, and collaborate with both the supplier and other cyber security functions. The ideal candidate will possess a strong understanding of cyber threats, penetration testing methodologies, and defensive security strategies in order to evaluate a vendor's security posture. Candidates must have a technical mindset and be technically curious people who can be creative with solutions.

Responsibilities:

1. Evaluate Suppliers’ Security Posture with a Purple Team Mindset

    • Identify different existing and non-existing threat intelligence sources within the organization and outside the organization to help identify the security posture of a critical supplier (e.g., threat intelligence feeds, SASE technology data, third party identity data, email reputation data, etc.).
    • Work with cross-functional teams to aggregate the data into the third-party risk management platform.

2. Threat Simulation:

    • Develop realistic attack scenarios to feed the threat model for a supplier’s security posture.
    • Identify vulnerabilities to the customer from the threat model with knowledge of ethical hacking and penetration testing techniques.

3. Continuous Improvement:

  • Stay abreast of the latest cyber threats, vulnerabilities, and industry best practices.
  • Propose and implement improvements to security controls based on findings from simulations and assessments.

4. Security Assessments:

    • Conduct security assessments on various systems, applications, and infrastructure components that are related to third party suppliers within the customer’s environment.

5. Training and Knowledge Sharing:

    • Provide training and knowledge sharing sessions to the wider security team.
    • Mentor and guide junior team members in understanding advanced cyber threats and defensive strategies related to third party IT risk management.

    • Proven experience in cybersecurity, including penetration testing and ethical hacking.
    • Red teaming techniques, tactics, and procedures.
    • Third party risk management experience or exposure.
    • Vulnerability assessment.
    • Hands-on experience with security tools and frameworks.
    • Strong understanding of cyber threats, attack vectors, and defensive strategies.
    • Proficiency in scripting and programming languages (e.g., Python, PowerShell).
    • Excellent communication and collaboration skills.
    • Ability to lead, influence, and make recommendations to the client.

Preferred Skills

  • Proven experience in cybersecurity, including penetration testing and ethical hacking.
  • Hands-on experience with security tools and frameworks.

Preferred Education

  • Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CEH, OSCP) are a plus.

About Us:       

Hybrid Pathways is a New England-based IT professional services company that assists mid-to-large enterprises with the implementation of secure IT environments that span on-premises and public cloud platforms. Be a part of a fast-paced, growing organization focused on doing great projects for great people.    

EEO Statement:

Hybrid Pathways is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, marital status, national origin, genetics, disability, age, or veteran status.