Senior Information Security Analyst (ASM/VM)

For over four decades, Cirrus Logic has been propelled by the top engineers in mixed-signal processing. Our rockstar team thrives on solving complex challenges with innovative end-user solutions for the world's top consumer brands. Cirrus Logic is also known for its award-winning culture, built on a foundation of inclusion and fairness, meaningful community engagement, and delivering enjoyable employee experiences at every turn. But we couldn’t do it without our extraordinary workforce – and that’s where you come in. Join our team and help us continue to make Cirrus Logic an exceptional place to grow your career! 

We are seeking a highly motivated, seasoned security professional to join Information Security as a Senior Attack Surface Management / Vulnerability Management Information Security Analyst. You will be responsible for managing the scanning architecture, as well as the program to identify, analyze, prioritize, and mitigate security vulnerabilities in our digital assets to enhance cybersecurity and protect sensitive data. This role supports business strategy in a dynamic environment.

• Vulnerability Assessment: Conduct regular vulnerability assessments to identify security weaknesses in our systems, applications, and network infrastructure.
• Risk Analysis: Analyze and prioritize vulnerabilities based on risk level and potential impact on the organization.
• Mitigation Strategies: Develop and implement effective mitigation strategies to address identified vulnerabilities and reduce attack surfaces.
• Incident Response: Collaborate with the incident response team to investigate and respond to security incidents, ensuring swift resolution and minimizing damage.
• Security Tools: Manage and maintain security tools and technologies used for vulnerability management, including scanning tools.
• Security Policies: Develop and enforce security policies, standards, and best practices to ensure compliance with industry regulations and internal security requirements.
• Reporting: Prepare detailed reports on vulnerability assessment findings, mitigation efforts, and overall security posture for senior management.
• Security: Engage in the design and support of all aspects of an information security program, including Governance Risk & Compliance, Security Operations, and Security Engineering with hands on engineering and administration of security tools, such as CrowdStrike, Qualys, and Splunk in collaboration with fellow security and IT professionals.

• Demonstrable experience across multiple cybersecurity domains including vulnerability management, risk management, network security, Splunk engineering, and incident response.
• Experience analyzing impact of vulnerabilities and designing solutions across Windows, Mac, Linux, Cloud, Network, Labs, and OT.
• Technical experience designing solutions across Linux, Mac, and Windows platforms.
• Strong knowledge of common vulnerabilities and attack vectors, as well as security best practices.
• One or more of the following certifications is preferred: Certified Information Systems Security Professional (CISSP); Systems Security Certified Practitioner (SSCP); GIAC Certified Intrusion Analyst (GCIA).
• Bachelor’s degree in cybersecurity or have demonstrated ability as a security professional in a globally dispersed enterprise.
• Experience working in high-tech, engineering, or semiconductor industry is beneficial.
• Effective working with a globally dispersed team across multiple time zones to deliver solutions on time.
• Experience with security industry frameworks, such as NIST CSF, ISO 27000 series, FAIR risk analysis, and privacy regulations.
• Proficiency with security tools such as Qualys, Crowdstrike, and Splunk.
• Experience with incident response and threat hunting.
• Excellent analytical and problem-solving skills.
• Effective communication and interpersonal skills, with the ability to effectively convey technical information to both technical and non-technical stakeholders.
• Executive presence and comfortable engaging with leaders across the company to facilitate balanced risk discussions and decision making.

This position is in Edinburgh, UK.

This is a hybrid on-site position and will follow a 2+ day in-office work schedule, with in-office days based on business needs and team preference. You must be based within commutable distance of the work location listed on the job posting, or willing to relocate prior to beginning employment with Cirrus Logic.

#LI-PD1

#LI-Hybrid

At Cirrus Logic, we believe that diversity drives innovation, and we are committed to encouraging an open and collaborative culture where different approaches, ideas, and points of view are respected and valued. We aim to promote a workplace where everyone can contribute irrespective of race, colour, national origin, religion or belief, gender or gender identity, sexual orientation, age, marital status, pregnancy status, or disability.