SANS ISC: InfoSec Jobs

Supply Chain Threat Analyst
Company: Fortress Information Security
Location: Orlando, FL
Preferred GIAC Certifications: GPYC, GSEC, GPEN, GCIH
Travel: 0%
Salary: Not provided
Contact Name: Stefani Rodriguez
Contact Email: srodriguez/at/
Expires: 2020-11-24

Job Description

Why work at Fortress?

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US. Fortress has been recognized as one of Orlando’s 2019 Best Places to Work and has recently been featured in Forbes and countless other publications for our efforts in securing the US power grid.

Our mission is to secure critical infrastructure by managing supply chain risks. The Fortress team consists of experts in the field of cyber security who are recognized leaders on industry best practices and processes. Fortress is headquartered in Orlando, FL, with offices in Boise, ID, Reston, VA, and Columbus, OH.

Fortress Information Security is looking for a Senior Threat Analyst to act as the SME, particularly as it relates to Continuous Monitoring and Supply Chain Threats. You will work in a fast-paced environment, in constant communication and coordination with software architects, project leaders, external customers, and senior management to build and deploy world-class information security solutions.


Work with customers, producing intelligence pertinent to their threat landscape.
Investigate and present operational and strategic intelligence about threat actors.
Evaluate tools, methodologies, and best practices to effectively understand the tactics, techniques, and procedures (TTPs) utilized by threat actors.
Mentor junior analysts and elucidate analytic value in our technology tool suites.
Lead project-based teams and analysis efforts.
Compose tailored and actionable threat intelligence reporting based on tasking
Leverage IT Security tools in the evaluation of vulnerabilities/risks
Evaluate risk and report to Manager on the security of the infrastructure
Define and document secure baseline OS configurations
Advise on technical security decisions regarding configuration and settings of security tools according to industry best practices and corporate policies
Review & recommend secure network, server, and application configurations and solutions


Experience with analytic visualization tools (e.g. Maltego, Analyst Notebook)
Effective programming or scripting skills (Python preferred)
Experience reverse engineering malware
OSINT investigative skills and data correlation
Subject Matter Expert (SME) for regional or cyber threat actors' TTPs
Ability to work in a fast-paced, team-oriented, and mission-focused group
Ability to be an intellectually curious self-starter, with ample opportunities to explore, research, and develop new and unique solutions.
Networking experience with at least 2 of the following: LAN, WAN, MAN, Wi-Fi
Working knowledge of Internet Protocols, communication protocols, data and network security fundamentals
Intermediate understanding and knowledge of encryption techniques, tools, and best practices
Working knowledge of distributed server secure configurations and benchmarks
Working knowledge of basic Software Architecture design & methodologies
Working knowledge of fundamentals of Electronics Technology design
Working knowledge of supply chain threats
Experience performing IT risk assessments, including on networking infrastructure


Bachelor’s in Computer Science or Cyber Security/Information Security or 1-3 years relevant experience

Bachelor’s, Associates, or 2nd in Electronics Technologies, Digital Electronics fundamentals, or Electrical/Electronic Engineering.

Preferred Licensing/Certifications:

CompTIA Security+ or
Cybersecurity Analyst+ (CySA+) (in lieu of Sec+) or
CISSP (Certified Information Systems Security Professional) (preferred)
Offensive Security Certified Professional (OSCP) (nice to have)
GIAC certifications (nice to have)


5+ years of experience as a threat intelligence analyst, network forensics analyst, or IT security analyst
Exceptional oral and written communication skills, with a proven ability to produce customer-facing intelligence reports
Effective organizational skills with the ability to prioritize and execute
Proven track record of leading teams and projects
Ability to work effectively in a distributed team environment
Well-developed analytical and problem-solving skills
Deep working knowledge of IP networking and services; including standard Internet protocols such as DNS, HTTP/HTTPS, and VPNs, as well as routing protocols
Demonstrated knowledge of operating system concepts
Experience with basic malware analysis, network and application forensics
Experience developing indicators of compromise (IOCs) and an understanding of how they can be used/deployed in various detection architectures at host or network level
Nexpose Scanner Experience (OR other enterprise Scanner tools) (Highly Desired)
Nessus Vulnerability Scanner: 1-3 years (Preferred)
SCAP tools: 1-3 years (Preferred)
OSINT: 1-3 years (Required)
Microsoft Products (Word, Excel, PowerPoint – intermediate skills or more)
Experience with or ability to learn/use Python to assist with reporting needs
Experience with or ability to learn/use SQL to assist with reporting needs
Ability to work under demanding deadlines
Ability to think critically with an attention to detail
Strong written and oral communication skills

Fortress offers an attractive benefits package including:

Medical/Dental and Vision Benefits
Company-paid Life/STD/LTD
Paid Time Off
Company Holidays
401k plan

Employment Perks:

Free Snack and Drink bar including Chick-Fil-A® breakfast every Wednesday
Great Ongoing Learning and Development opportunities offered for certifications and tuition reimbursement
Employee Referral Programs
Company Sponsored Events
Casual dress daily
We promote from within and provide great employee succession planning

Fortress is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law.

For positions located in the US, the following conditions apply. If you are made a conditional offer of employment, you will be required to undergo a drug test. ADA Disclaimer: In developing this job description care was taken to include all competencies needed to successfully perform in this position. However, for Americans with Disabilities Act (ADA) purposes, the essential functions of the job may or may not have been described for purposes of ADA reasonable accommodation. All reasonable accommodation requests will be reviewed and evaluated on a case-by-case basis.