Threat Operations Analyst
Virtusa
Lead Software Engineer
Review and analyze threats, risks, and vulnerabilities identified by CTRL and proactive detection pipelines. Validate exposed services such as RDP, SSH, databases, and edge devices using Shodan, Censys, LeakIX, and Nuclei. Evaluate security configurations to identify mitigating or compensating controls.
Confirm internet-facing asset ownership using WHOIS, DNS and reverse-DNS, TLS fingerprinting, Shodan data, and OSINT techniques. Resolve attribution uncertainties to ensure customers receive notifications only for confirmed assets.
Act as a technical escalation point for Customer Support, Underwriting, and Claims. Investigate queries related to exposed services, vulnerabilities, false positives, or disputed ownership. Provide technical input to improve processes, detection workflows, and cross-team knowledge sharing.
Maintain a high standard of customer service with professional, timely communication. Assist in tuning detection logic and improving vulnerability and exposure accuracy. Support continuous improvement of CTRL intelligence capabilities and processes.
Strong understanding of networking fundamentals, ports, protocols, and common services. Familiarity with cyber security concepts including CVE, CVSS, threat actor TTPs, exploitation lifecycle, and attack surfaces. Hands-on experience with internet scanning and exposure tools such as Shodan, Censys, LeakIX, and Nuclei. Ability to interpret DNS records, WHOIS data, HTTP headers, and OSINT artefacts. Skilled at translating complex technical issues into clear, customer-friendly language.