Job Title Analyst, Vulnerability & Threat Job Description I. Job Summary | The Analyst of Vulnerability and Threat will assist in identifying, assessing, and mitigating cybersecurity vulnerabilities and threats to the organization. This individual will work closely with the manager and other team members to ensure the confidentiality, integrity, and availability of the organization's information assets. As a visible member within the Security team, you will be responsible for supporting the technical direction of security, participating in multiple, complex technical projects, and partnering with other groups within the organization to deliver tools and services that align with our security roadmaps. II. Essential Job Functions Weight % | Accountabilities, Actions and Expected Measurable Results 45% | Threat Management: - Gather and analyze threat intelligence from various sources. - Correlate data from SIEMs, EDRs, and network telemetry to validate findings and escalate confirmed incidents to incident response teams. - Assist in the development and support incident response plans to address security incidents effectively. - Conduct regular threat assessments and testing, including penetration testing/red teaming to evaluate the organization's security posture. 25% | Threat Hunting, Research and Analysis: - Perform in-depth analysis of publicly disclosed vulnerabilities and assess organizational exposure. - Assess and test the effectiveness of current detection and prevention technologies, identifying gaps and recommending improvements. - Proactively identify potential threats by developing and executing threat-hunting campaigns across networks, endpoints and cloud environments. - Leverage threat intelligence, behavioral analytics, and anomaly detection to uncover indicators of compromise (IOCs) or advanced persistent threats (APTs) that evade standard detection tools.. - Refine and create new alerting logic, detection signatures, and playbooks based on hunting outcomes. - Develop and maintain security documentation and procedures. 20% | Vulnerability Management: - Assist in conducting regular and ad-hoc vulnerability scans and assessments using a variety of tools (SAST, DAST, IAST, etc.) and techniques. - Analyze scan results and identify critical vulnerabilities. - Help maintain vulnerability assessment tools and technologies. - Research and document vulnerabilities based on risk and potential impact. - Collaborate with IT, Engineering and business units to ensure timely remediation in accordance to SLAs. - Track remediation progress and ensure timely closure of vulnerabilities. 10% | Collaboration and Communication: - Work closely with IT, engineering, operations and other stakeholders to ensure effective collaboration. - Communicate security risks and recommendations to management and stakeholders. - Assist in the development and delivery of security awareness training programs. III. Minimum Qualifications and Job Requirements | All must be met to be considered. Education: Bachelor's degree in Computer Science, Information Security, or a related field or equivalent experience. Experience: Minimum of 1-3 years of experience in cybersecurity, with a focus on vulnerability and threat management. Relevant certifications such as CEH, OSCP, Security+, or GIAC certifications are desirable. Specific Knowledge, Skills and Abilities: - Cybersecurity expertise: Security principles, vulnerabilities, threats, container security and cloud security (AWS, GCP, Azure). - Vulnerability and Threat Management: Assessment, threat modelling (STRIDE / MAESTRO methods preferred), penetration testing, intelligence gathering and analysis. - OS Security and Compliance: Linux, Windows, Mac, G-Suite, GWS Administration, SOC 2, NIST CSF, SOX, PCI-DSS. - Technical skills: Scripting (Python, Powershell, Bash), incident investigation and response. - Soft skills: Communication, interpersonal skills, organization, time management, teamwork, and the ability to work independently in a fast-paced environment. - Additional requirements: Occasional travel and on-call availability. It is the policy of People Inc. to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, the Company will provide reasonable accommodations for qualified individuals with disabilities. Accommodation requests can be made by emailing hr@people.inc. The Company participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here: https://www.e-verify.gov/employees Pay Range Salary: Remote US: $75,000 - $85,000 The pay range above represents the anticipated low and high end of the pay range for this position and may change in the future. Actual pay may vary and may be above or below the range based on various factors including but not limited to work location, experience, and performance. The range listed is just one component of People Inc's total compensation package for employees. Other compensation may include annual bonuses, and short- and long-term incentives. In addition, People Inc. provides to employees (and their eligible family members) a variety of benefits, including medical, dental, vision, prescription drug coverage, unlimited paid time off (PTO), adoption or surrogate assistance, donation matching, tuition reimbursement, basic life insurance, basic accidental death & dismemberment, supplemental life insurance, supplemental accident insurance, commuter benefits, short term and long term disability, health savings and flexible spending accounts, family care benefits, a generous 401K savings plan with a company match program, 10-12 paid holidays annually, and generous paid parental leave (birthing and non-birthing parents), all of which may vary depending on the specific nature of your employment with People Inc. and your work location. We also offer voluntary benefits such as pet insurance, accident, critical and hospital indemnity health insurance coverage, life and disability insurance. #NMG#

• Create new first party Intelligence sources • Promote Lancope security thought leadership through media outreach and collaborative reporting • Source and analyze data from available product sources across Lancope as well as externally from partners or other qualified third-parties • Manage reporting and dissemination of security intelligence and research efforts • Monitor, identify, and respond to timely security events • Provide data driven insight for internal business intelligence and external communications with media, analysts and/or customers/stakeholders • Establish cross-departmental channels to facilitate collaborative research sharing for external reporting and internal business strategy • Liaise with key security initiatives and groups within the security industry to better establish Lancope as both a security thought leader and trusted partner • Help guide the development by working with product teams

• Analyze large volumes of online conversation to identify brand narratives • Translate platform outputs into insights for non-technical audiences • Produce marketing content based on data • Support rapid-response analysis during brand moments • Deliver timely, actionable insights under deadlines

• Track adversary campaigns, tactics, techniques, and procedures (TTPs) through analysis of CrowdStrike's unique telemetry, open-source data sets, and third-party intelligence • Author short and long format written reports with minimal supervision that apply analytic tradecraft, including appropriate use of estimative language, confidence levels, and structured analytic techniques • Engage in cross-team discussions and collaborate with subject matter experts across CrowdStrike Intelligence and other business units to ensure comprehensive adversary tracking and deconfliction • Identify intelligence gaps and propose research projects to address collection shortfalls within the mission area • Conduct peer review of reporting by team members to help maintain CrowdStrike Intelligence's analytic standards for accuracy, clarity, and objectivity • Prioritize, categorize, and respond to requests for information from internal and external customers • Support and contribute to customer briefings as directed for internal teams and external customers via phone, video conference, webcast, in-person, or industry conferences • Identify opportunities for process improvements and automation, contributing to working groups on tool development and analytic enhancements