Gravity IT Resources
Senior Lead Cybersecurity Analyst (Dania)
Gravity IT Resources, Dania, Florida, United States, 33004
Position Title: Senior Lead Cybersecurity
Location: Dania, FL (Hybrid)
Position Summary: The Senior Lead Cybersecurity professional plays a critical role in the daily execution and supervision of enterprise security operations. This individual serves as the primary hands-on technical leader responsible for safeguarding systems, data, and customers within a cloud-native environment and extensive Software as a Service (SaaS) interconnectivity. The ideal candidate is an experienced leader and technical expert, highly proficient in Development, Security, and Operations (DevSecOps) practices. This role ensures effective application of security controls, acts as the primary escalation point for operational security issues, and focuses on implementing technical solutions that balance business agility with security imperatives. Essential Responsibilities: Serve as a trusted security advisor to leadership, supporting business decisions with appropriate risk considerations. Develop and maintain key risk indicators to measure cybersecurity risk and present security threats to senior and technology leadership. Lead, mentor, and guide a small team of security professionals as the security function grows. Maintain hands-on experience with Google Cloud Platform (GCP) security services and architecture. Utilize containerization and orchestration technologies (Docker, Kubernetes/GKE) and/or serverless environments (Cloud Functions, Cloud Run). Implement identity and access management within GCP, including Cloud IAM, workload identity federation, SAML, and OIDC. Conduct risk assessments and map controls to frameworks such as NIST CSF, CIS Controls, ISO 27001, and communicate risk in clear business terms. Use the MITRE ATT&CK framework to model threats, evaluate control coverage, and enhance detection and response capabilities. Participate in security architecture reviews to ensure security-by-design principles are applied to new products, services, and infrastructure. Enhance and oversee data governance programs, including data classification, encryption standards, and Data Loss Prevention (DLP). Oversee threat intelligence activities, turning insights into actionable defensive improvements and proactive threat hunting. Build and scale security processes aligned with organizational growth and operational needs. Partner with Engineering and Product teams to embed DevSecOps practices in CI/CD pipelines, including automated testing and secure builds. Oversee core security functions: incident response, vendor risk management, vulnerability management, IAM, and security awareness. Ensure the secure interconnectivity of APIs, third-party integrations, and multi-cloud data flows. Conduct and oversee tabletop exercises for disaster recovery, business continuity, and incident response. Develop and track KPIs and metrics to measure and report security performance and risk posture. Ensure compliance with applicable financial, regulatory, and data protection requirements (e.g., PCI DSS, GDPR, SOX). Actively participate in security incident detection, investigation, and remediation. Build scalable processes that balance agility with regulatory and enterprise standards. Perform other complex projects and duties as assigned. Minimum Experience and Qualifications: Bachelors Degree; OR a High School Diploma/GED and at least four (4) years of relevant work experience in Information Security, Computer Science, Business, or related fields. Four (4) years of progressive IT or cybersecurity experience, including at least two (2) years as a direct security practitioner. One (1) year of experience leading cybersecurity teams. Certified Cloud Security Professional (CCSP). Certified Information Systems Security Professional (CISSP). Certified Information Privacy Professional (CIPP). Hands-on experience with cloud-native environments such as Google Cloud Platform (GCP). Strong understanding of cloud security architectures (Zero Trust, Secure SDLC, IaC security, DevSecOps). Ability to embed security into SDLC and CI/CD pipelines using automated validation and Infrastructure-as-Code security tooling. Knowledge of frameworks including NIST CSF, ISO 27001, and CIS Controls. Excellent written and verbal communication skills with an ability to translate risk for non-technical audiences. Demonstrated experience building and scaling security processes from the ground up. Ability to travel occasionally (up to 10%). Must pass a ten (10) year background check. Must be legally eligible to work in the United States. This position is
not
eligible for visa sponsorship. Preferred Experience and Qualifications: Experience in technology, travel, retail, airline, or other regulated industries. Ability to work autonomously and drive initiatives in a fast-paced environment. Experience in matrixed or affiliate organizational models. Familiarity with container security, API security, IAM, and zero-trust implementations. Proven ability to influence stakeholders and drive security improvements. One or more additional certifications such as CISM, CRISC, CCSK, CISA, or similar.
Use of automated tools (including ChatGPT) during the interview process will disqualify candidates.
Position Summary: The Senior Lead Cybersecurity professional plays a critical role in the daily execution and supervision of enterprise security operations. This individual serves as the primary hands-on technical leader responsible for safeguarding systems, data, and customers within a cloud-native environment and extensive Software as a Service (SaaS) interconnectivity. The ideal candidate is an experienced leader and technical expert, highly proficient in Development, Security, and Operations (DevSecOps) practices. This role ensures effective application of security controls, acts as the primary escalation point for operational security issues, and focuses on implementing technical solutions that balance business agility with security imperatives. Essential Responsibilities: Serve as a trusted security advisor to leadership, supporting business decisions with appropriate risk considerations. Develop and maintain key risk indicators to measure cybersecurity risk and present security threats to senior and technology leadership. Lead, mentor, and guide a small team of security professionals as the security function grows. Maintain hands-on experience with Google Cloud Platform (GCP) security services and architecture. Utilize containerization and orchestration technologies (Docker, Kubernetes/GKE) and/or serverless environments (Cloud Functions, Cloud Run). Implement identity and access management within GCP, including Cloud IAM, workload identity federation, SAML, and OIDC. Conduct risk assessments and map controls to frameworks such as NIST CSF, CIS Controls, ISO 27001, and communicate risk in clear business terms. Use the MITRE ATT&CK framework to model threats, evaluate control coverage, and enhance detection and response capabilities. Participate in security architecture reviews to ensure security-by-design principles are applied to new products, services, and infrastructure. Enhance and oversee data governance programs, including data classification, encryption standards, and Data Loss Prevention (DLP). Oversee threat intelligence activities, turning insights into actionable defensive improvements and proactive threat hunting. Build and scale security processes aligned with organizational growth and operational needs. Partner with Engineering and Product teams to embed DevSecOps practices in CI/CD pipelines, including automated testing and secure builds. Oversee core security functions: incident response, vendor risk management, vulnerability management, IAM, and security awareness. Ensure the secure interconnectivity of APIs, third-party integrations, and multi-cloud data flows. Conduct and oversee tabletop exercises for disaster recovery, business continuity, and incident response. Develop and track KPIs and metrics to measure and report security performance and risk posture. Ensure compliance with applicable financial, regulatory, and data protection requirements (e.g., PCI DSS, GDPR, SOX). Actively participate in security incident detection, investigation, and remediation. Build scalable processes that balance agility with regulatory and enterprise standards. Perform other complex projects and duties as assigned. Minimum Experience and Qualifications: Bachelors Degree; OR a High School Diploma/GED and at least four (4) years of relevant work experience in Information Security, Computer Science, Business, or related fields. Four (4) years of progressive IT or cybersecurity experience, including at least two (2) years as a direct security practitioner. One (1) year of experience leading cybersecurity teams. Certified Cloud Security Professional (CCSP). Certified Information Systems Security Professional (CISSP). Certified Information Privacy Professional (CIPP). Hands-on experience with cloud-native environments such as Google Cloud Platform (GCP). Strong understanding of cloud security architectures (Zero Trust, Secure SDLC, IaC security, DevSecOps). Ability to embed security into SDLC and CI/CD pipelines using automated validation and Infrastructure-as-Code security tooling. Knowledge of frameworks including NIST CSF, ISO 27001, and CIS Controls. Excellent written and verbal communication skills with an ability to translate risk for non-technical audiences. Demonstrated experience building and scaling security processes from the ground up. Ability to travel occasionally (up to 10%). Must pass a ten (10) year background check. Must be legally eligible to work in the United States. This position is
not
eligible for visa sponsorship. Preferred Experience and Qualifications: Experience in technology, travel, retail, airline, or other regulated industries. Ability to work autonomously and drive initiatives in a fast-paced environment. Experience in matrixed or affiliate organizational models. Familiarity with container security, API security, IAM, and zero-trust implementations. Proven ability to influence stakeholders and drive security improvements. One or more additional certifications such as CISM, CRISC, CCSK, CISA, or similar.
Use of automated tools (including ChatGPT) during the interview process will disqualify candidates.