Cyber Threat and Vulnerability Analyst

Date: Feb 8, 2019

Location: LAKE FOREST, IL, US, 600455202

Company: Grainger



Grainger is North America’s leading Maintenance Repair & Operating provider and we are the 10th largest North American E-commerce player with over 50% of our revenue coming from online transactions. Within the Enterprise Systems team we use technology to support the ever-changing and dynamic needs of a supply chain carrying 1.5 million products and an employee base of 25,000+; and we are committed to delivering technical solutions to support the business in its mission to stay atop. We deliver technology solutions across the enterprise including our call centers, branch network, sales, and our various digital channels. The team supports over 1000 applications across the network and operates in an agile environment to deliver complex solutions quickly and seamlessly. The team of 500+ is comprised of Infrastructure + Operations, Cyber Security, Technology Planning, Architecture and Engineering and are built in a way to support the dynamic and ever changing customer landscape.

Key Technologies / Framework: Java, J2EE, Ruby on Rails, RDBS, NoSQL, Lucene, SOLR


Primary Function


As a Cyber Threat and Vulnerability Analyst, you will conduct analysis of and determine relevancy of threats, profile threat actor behavior, evaluate and monitor the cyber threat landscape, and articulate recommendations for mitigating and detecting threats. The Cyber Threat and Vulnerability Analyst will be an important advisor for the Cyber Incident Response Team to provide input into their operations and advise during investigations.

The right candidate is independent, with excellent technical skills and a deep background in cyber security and research. The candidate will be experienced with collecting and assessing behavioral and technical indicators, attributing campaigns to threat actors, researching broad and targeted attacks, and creating a variety of reports.


Principal Duties & Responsibilities: 


  • Understand and evaluate the cyber threat landscape, and assess what threats are most relevant to Grainger, the MRO industry, and the supplier and customer landscape.
  • Conduct insightful research on observed and noteworthy threats, as discovered using open and proprietary sources as well as vendor-provided intelligence.
  • Perform technical research into advanced, targeted attacks, malware campaigns, malware and other emerging technologies and techniques to identify and report on cyber-attacks and attackers.
  • Perform proactive research to identify, categorize and produce reports on new and existing threats.
  • Assess behavioral and technical threat indicators and their credibility and distribute indicators to applicable teams for investigation and action, including the Cyber Incident Response Team to improve cyber security efforts.
  • Coordinate with the Information and Cyber Security teams to produce impactful actionable intelligence.
  • Produce a variety of research and awareness products, tailoring content for the intended audience (e.g. strategic briefs for leadership, operational reports for security operations analysts and engineers, and others).
  • Provide additional support and insight to other teams in Information Security, especially the Cyber Incident Response Team, as requested, and assist with incident investigation as needed.
  • Engage in continuous learning and development to continue to develop expertise.
  • Cross-Train, and be an expert resource, on Threat and Vulnerability theory and approach.


Preferred Education & Experience: 




  • Bachelor’s degree in Information Systems or related degree, or equivalent job experience. 



• 2 years of experience in Security solution design, implementation and troubleshooting across all computer platforms.

• 5 years of experience in Security technology implementation and troubleshooting across all computer platforms (Can count a bachelor’s degree in CS, or InfoSec as 1.5 years of experience)

• 5 or more years required of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments.

• Experience and hands-on working knowledge with a variety of security technologies and processes including but not limited to Firewall (such as Check Point, Fortinet, Cisco ASA, Palo Alto, Juniper), VPN, SIEM, IDS/IPS (such as SourceFire, HP TippingPoint), HIDS, malware analysis and protection, content filtering, logical access controls, data loss prevention (such as Symantec, RSA, McAfee), content filtering technologies, application firewalls (such as F5, Imperva), vulnerability scanners, forensics software, and security incident response.

• Understanding of Cloud solution best practices and integration techniques

• GIAC and ISC2 certifications such as CISSP are highly preferred.

• Good understanding of Risk and Compliance framework, regulatory compliance (Sarbanes-Oxley (SOX) and PCI-DSS)

• Highly self-motivated

• Strong attention to detail

• Ability to effectively prioritize and execute tasks in a complex environment

• Solid understanding of standard business processes including Change Management, Problem Management, Work Prioritization, Quality Assurance, and Continuous Improvement best practices, etc.

• Strong client relationship management skills

• Strong analytical and problem-solving skills

• Very strong verbal and written communication skills

• Strong interpersonal and conflict management skills





“Grainger is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, disability, or protected veteran status.”

