Security Assurance Analyst III

Relocation Benefits Available

Position Can Sit in Orlando FL or South FL

As a member of the professional staff, contributes general knowledge and skill in a discipline area (e.g., Accounting, Finance, Human Resources, Information Resources, Operations Planning & Support, Sales & Marketing) to support team and/or department objectives.

Generally, works under limited supervision, but within established guidelines, producing and analyzing more complex business information to assist in the decision-making process.

The Manager, Security Assurance Analyst III role is responsible for identifying and exploiting vulnerabilities within the organization's infrastructure, applications, APIs, and cloud environments. This position focuses on conducting security testing, including penetration testing and red team exercises, to simulate real-world adversary tactics and techniques. The role also applies expertise to application security testing, working closely with development teams to ensure secure coding practices and vulnerability remediation are integrated into the development lifecycle.

In addition to hands-on offensive security testing, this role requires mapping attack scenarios to frameworks such as the MITRE ATT&CK framework to assess the organization's defense mechanisms. The individual will identify weaknesses in systems and provide recommendations for security improvements. The ideal candidate is a highly skilled, collaborative security professional with a deep understanding of offensive security techniques and a passion for continuous testing and learning.

1. Contributes to team, department, and/or business results by performing complex analysis for processes and projects, often managing small projects or parts of larger ones.
2. Responds to, solves, and makes decisions on complex/non-routine business requests with limited to moderate risk.
3. Assists senior associates by identifying opportunities to enhance business processes, participating in setting department plans, and achieving results within scope and budget.
4. Demonstrates self-awareness and acts independently to improve skills and knowledge.

• Conduct thorough penetration testing of infrastructure, applications, APIs, and cloud environments to identify vulnerabilities.
• Collaborate with development teams to implement security testing early in the SDLC, ensuring secure coding and configurations.
• Review development processes for secure coding practices and vulnerabilities.
• Lead red team exercises simulating advanced threats to assess security resilience.
• Work with blue team members to improve detection and response efforts.
• Map security test results to the MITRE ATT&CK framework.
• Perform vulnerability assessments and threat simulations.
• Validate vulnerabilities and verify remediation efforts.
• Mentor junior analysts in offensive security techniques.
• Develop testing methodologies and custom attack scenarios.
• Collaborate with IT and security teams to prioritize and remediate vulnerabilities.
• Document findings and communicate security recommendations.
• Stay updated on emerging threats and trends to improve testing practices.

Suitable candidates should have relevant knowledge, experience, and leadership skills, typically requiring a college degree or equivalent experience.

• Bachelor’s degree in Computer Science, Information Security, or related field; or equivalent experience.

• OSCP, CEH, GPEN, OSWE, CSSLP, GWAPT

• At least 4 years in offensive security roles, including penetration testing, red teaming, and application security testing.
• Hands-on experience with tools like Burp Suite, Metasploit, Kali Linux, Cobalt Strike, and scripting.
• Proven ability to identify and exploit vulnerabilities across applications, APIs, and cloud platforms.
• Experience with DevSecOps, CI/CD, and integrating security into SDLC.
• Deep knowledge of application security testing methods and cloud security (AWS, Azure, GCP).

• Advanced penetration testing skills across web, mobile, APIs, and cloud services.
• Expertise in secure coding, vulnerability scanning, and application security practices.
• Knowledge of secure development methodologies and frameworks like SDL.
• Ability to simulate sophisticated attacks and evaluate defenses.
• Understanding of cloud security and container security best practices.
• Skill in validating vulnerabilities and assessing exploitability.
• Ability to collaborate with incident response teams and communicate findings clearly.
• Leadership and mentorship skills, with strong analytical and problem-solving abilities.

#LI-SW1

Marriott Vacations Worldwide is an equal opportunity employer committed to diversity and inclusion.