Security Engineer, Infosec Operations

About Us

Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon "next generation" services help us stand out amongst our peers. Thrive is on the look-out for individuals who don't view their weekdays spent at "a job", but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you're attracted to a "work hard, play hard" environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE

Position Overview

We're seeking a proactive and technically adept Security Engineer to contribute to our vulnerability management program and actively participate in autonomous penetration testing initiatives. In this role, you'll drive vulnerability assessments, including scanning and penetration testing, while effectively communicating findings and remediation strategies to diverse stakeholders. You'll also play a key role in managing and enhancing our security awareness programs to empower users against evolving threats. This role demands a combination of hands-on technical skills, analytical capabilities, and strong communication to ensure our clients' environments remain secure.

Primary Responsibilities

• Drive vulnerability scanning activities using industry-standard tools.
• Assist with autonomous penetration testing initiatives.
• Analyze scanning outputs and make informed decisions on vulnerability severity and prioritization.
• Collaborate with internal support teams and clients to clearly articulate vulnerability remediation needs, tailoring explanations to both technical and non-technical stakeholders, including direct communication with customers.
• Distinguish between project-level remediation and issues covered by support offerings.
• Open and track assignment tickets to ensure timely resolution.
• Manage and configure security awareness training and phishing campaigns for our customers, proactively identifying areas for improvement and innovation to drive continuous program enhancement.
• Customize reports to align with client reporting needs and requirements.
• Creation and ongoing upkeep of materials documenting our security processes, procedures, and technologies, along with the generation of automated reports for relevant stakeholders.
• Stay informed about the latest security events and techniques to proactively address emerging threats.
• Contribute to the creation and updating of client security presentations.
• Other duties as required.

Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, or a related field is preferred.
• Relevant cybersecurity certifications (e.g., CISSP, OSCP, Security+, GIAC and Azure certifications) are a plus.
• Proven experience in vulnerability management, including scanning, analysis, and remediation.
• Hands-on experience with systems and network/firewall administration.
• Experience with Active Directory administration.
• Experience with SIEM and EDR technologies.
• Heavy experience with TCP/IP network protocols, application layer protocols (e.g., HTTP, SMTP, DNS, etc.).
• Ability to analyze a large amount of data from various sources and use this information to solve complex problems and make good decisions.
• Knowledge of risk assessment tools, technologies, and methods.
• Demonstrated understanding of cybersecurity threats and incident response procedures.
• Proficiency in developing and automating client-facing reports.
• Excellent written and verbal communication skills for both technical and non-technical audiences.
• Must be able to work effectively in a team environment and collaborate within the team and other stakeholders.
• Demonstrate comprehension of good security practices.
• Knowledge of programming languages.
• Passion for cybersecurity and continuous learning.