Information Security Analyst

Need 10+ years of experience

Job Description:

What will I be doing?

We seek a candidate who has the technical expertise and communication skills to work closely with other teams at Hilton, such as infrastructure, cloud, external contractors, field-level IT resources, and risk management teams, as well as unaffiliated security researchers who participate in the Hilton Bug Bounty Program (BBP).

As a Senior Cyber Security Analyst on the SecPEN team, your primary responsibilities will include assisting developers with remediating vulnerabilities discovered from security testing, triaging findings that are submitted to the Hilton BBP, as well as developing Hilton BBP KPI reports for senior management.

What are we looking for?

Responsibilities:
• Track the lifecycle of bug bounty reports submitted through the Hilton Bug Bounty Program (BBP) assuring that program SLAs are met.
• Triage security vulnerabilities that are disclosed through the Hilton BBP.
• Facilitate communications as needed between the BBP and Hilton's various engineering teams, development teams, and finders.
• Collaborate with Hilton's Risk and Incident Response teams as needed to facilitate the management of reported security vulnerabilities.
• Schedule and assist with penetration and remediation testing for a wide variety of Hilton assets.
• Process and track all bug bounty payments to researchers and provide monthly expenditures.
• Analyze the data produced by Hilton's Bug Bounty Program using to surface trends and other insights which can be utilized to positively affect Hilton's security.
• Assist with the development of internal tooling to benefit the penetration testing and BBP programs.

We believe that success in this role will demonstrate itself through the following attributes and skills:
• Experience in Bug Bounty Management and experience working with shifting timelines and priorities is preferred.
• Strong oral and written communication skills with demonstrated experience presenting to various internal and external groups.
• Work effectively in situations involving uncertainty or lack of information, respond favorably to change, and react decisively in an unstructured environment.
• Demonstrated hands-on experience with penetration testing tools, such as Burp Suite or Metasploit • Deep understanding of common application security issues, such as Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF)

To fulfill this role successfully, you should demonstrate the following minimum qualifications:
• At least three (3) years of experience in Technology or a related field • At least one (1) year of experience in a Cybersecurity-related role

It would be helpful in this position for you to demonstrate the following capabilities and distinctions:
• Bachelor's Degree, or Associate's Degree plus five (5+) years of Technology related experience, or High School Degree/GED plus ten (10+) years of Technology related experience • Experience programming in one or more of the following languages: Python, C#, JavaScript, TypeScript • Familiarity with one or more of the following technologies: Node.js, React, Express, GraphQL, IIS, Flask, ASP.NET, Active Directory (AD) • Understanding of fundamental networking related concepts, such as the OSI model, subnetting, etc.
• Relevant cybersecurity certifications (e.g., OSCP, CEH) • Prior security experience in a Fortune 500 or Hospitality environment