Cyber Analyst - Threat Exposure Management (AppSec & AI)
Maersk · India, Bengaluru, 560064
Maersk · India, Bengaluru, 560064
A Cyber Security Capability is defined as a fusion of people, process and technology which is designed to achieve an effect on specified assets within a defined environment to deliver appropriate risk mitigation through operational controls. Those Capabilities are comprised of teams working together to deliver thorough Frontline Cyber Ops services that encompass every aspect of operating processes and platform-provided capabilities, ensuring seamless and efficient service operations throughout the entire lifecycle, specifically designed to proactively defend Maersk against an ever-changing threat landscape. This role is for a Cyber Analyst specialising in Threat Exposure Management for AppSec and AI within the ‘Identify’ Capability. The ‘Identify’ capability focusses on managing the attack surface and continually evaluating the accessibility, exposure, and exploitability of our environments and assets. This involves in supporting building and running all the services (technology, people and process) to perform Threat Exposure Management along with responsibility for managing the output and working with stakeholders to close any discovered issues. As part of the ‘Identify’ capability within the Threat Exposure Management function, the Cyber Analyst – Threat Exposure Management has the responsibility for overseeing the continual evolution of the organisation’s threat exposure management lifecycle and reduction programmes within a given scope, and reports to the Cyber Manager – Threat Exposure Management. This role ensures that exposures across the Code, Application and AI environments are proactively identified, prioritised, validated, and remediated in alignment with business risk and operational resilience requirements. The successful candidate must demonstrate a strong track record in performing in-depth technical assessments, and delivering clear, expert insights on identified vulnerabilities and exposures, including validation, prioritisation, and contextual analysis. They will be responsible for helping to establish and refine best practices for threat exposure management and vulnerability management, whilst effectively influencing stakeholders across the organisation. The role requires advanced technical expertise in exposure analysis and defensive and offensive security, with the ability to lead detailed technical discussions and perform complex investigations across Identity technologies. Professional Background 3-5+ years of progressive experience in enterprise cyber security with demonstrable in-depth technical expertise across Threat Exposure Management, Vulnerability Management, Defensive and Offensive Security applied to Identity technologies, whilst Application Security, Cloud Security, Data, OT/ICS, and AI/ML Security are beneficial. Experience must span large-scale, heterogeneous environments with complex technology stacks. Certifications such as CISSP, GIAC, Microsoft Identity and Security, IGA, PAM are advantageous, but equivalent hands-on technical capability, advanced analytical proficiency, and a strong record of continuous learning and practical security training are essential. Vulnerability & Exposure Analysis • · Deep understanding of vulnerability classes, exploit vectors, configuration weaknesses, and exposure patterns across Windows, Linux, network devices, cloud services, containers, applications, and OT/ICS systems. • · Strong ability to perform exploitability assessment, correlate vulnerabilities with attacker behaviour (MITRE ATT&CK), and differentiate real risk from noise or false positives. • · Hands-on experience with VM/CTEM tooling and pipelines, including, but not limited to authenticated scanning, asset discovery methods, CSPM, AppSec (SAST/SCA/DAST/IaC), ASM/EASM platforms, passive/active enumeration and validating high-risk Critically Exposed Assets (CEAs). • · Strong capability to validate data accuracy, match assets, reconcile mismatches, and ensure consistent exposure attribution and ability to analyse trend data, identify anomalies, and provide actionable insights. Identity & Directory Exposure • · Strong knowledge of AD/Entra ID, Kerberos, NTLM, PKI, certificate chains, CRLs/OCSP, SPNs, federation, MFA, and the ability to identify high-risk identity misconfigurations such as insecure trust relationships, expired or weak certificates, unconstrained delegation, and stale privileges. • · Skilled in analysing identity attack paths, identifying lateral movement, privilege escalation, token abuse, SPN abuse, mis-issued certificates, and validating high-fidelity identity exposures including certificate-related attack vectors. Cloud & Hybrid Identity Exposure • · Proficient in cloud and hybrid identity setups (Azure AD/Entra, ADFS, Azure AD Connect) including IAM roles, service principals, OAuth/OIDC flows, certificate-based authentication, SCIM provisioning, and detection of identity drift, sync failures, or insecure connectors. • · Ability to identify cloud and DNS-related exposure paths such as dangling DNS records, orphaned service endpoints, misconfigured identity endpoints, excessive cloud privileges, insecure APIs, and domain-federation weaknesses across CSPs such as, Azure, AWS, and GCP. Privileged Access & Threat-Led Analysis • · Knowledge of PAM/PAW, JIT/JEA models, IGA (SailPoint, Saviynt), and Zero Trust identity principles, with the ability to spot toxic privilege combinations, entitlement sprawl, and policy drift. • · Ability to correlate identity exposures with adversary TTPs, credential abuse techniques, Golden Ticket/SAML attacks, a