Position Summary

Support senior cybersecurity staff in evaluating cybersecurity risks across commercial real estate (CRE) environments. Responsibilities include assisting with network security assessments, reviewing access controls, identifying common misconfigurations, running vulnerability scans, documenting networks/systems, and preparing clear reports. Scope spans both IT and OT (building systems such as BMS/BAS, HVAC, access control, CCTV).

Key Responsibilities

• Perform asset discovery and initial scans to identify hosts, services, and firmware versions (e.g., Nmap).
• Review firewalls, VPNs, and endpoint security to identify misconfigurations and vulnerabilities
• Evaluate switch/router configurations for proper segmentation
• Document current-state diagrams and asset inventories
• Assess BMS/BAS, IoT, and physical security systems for cyber risk with minimal disruption to operations.
• Identify common gaps (weak/default credentials, unpatched systems, outdated TLS, flat networks, exposed management interfaces, insecure vendor remote access).
• Support remediation by coordinating with IT teams, vendors, and property managers; verify fixes and retest critical findings.
• Prepare and maintain assessment artifacts: asset lists, risk-rated findings, evidence, compliance checklists, and client-ready reports.
• Track emerging threats and advisories relevant to smart buildings/IoT and CRE environments; summarize impact for the team.

Qualifications

Required

• Associate’s or Bachelor’s in Cybersecurity/IT (or 2+ years equivalent hands-on experience).
• Familiarity with core security technologies: Firewalls (e.g., Fortinet, Palo Alto), IAM/MFA (e.g., Entra ID/Azure AD), and EDR (e.g., SentinelOne).
• Intermediate networking: TCP/UDP, routing basics, Layer-3 switches, VPNs (IPsec/SSL), VLANs, ACLs, NAT, DHCP/DNS, Wi-Fi/WPA3.
• Working knowledge of Windows client/server; basic Linux familiarity.
• Strong documentation and communication skills; ability to translate technical findings into clear business impact.

Nice to Have

• Exposure to vulnerability management tooling and concepts.
• OT/IoT awareness: BACnet/Modbus basics, safety-first testing on live control networks, maintenance-window/change-control etiquette.
• Firewalls and platforms: Palo Alto, Fortinet, Check Point; switch stacks (Cisco Catalyst/Meraki, UniFi).
• Identity, privileged access, and remote access hygiene
• Endpoint and device management
• Scripting/automation
• Ticketing and knowledge tools (ServiceNow/Jira/Confluence); diagramming (Visio/draw.io).
• Familiarity with frameworks and benchmarks: NIST CSF 2.0, CIS Controls

Travel: Regular on-site visits to local properties (50%) with occasional out-of-area travel (5-10%)

Benefits

• Medical, dental, and vision insurance
• Life insurance
• Long-term disability
• Paid vacation
• Paid holidays
• Simple IRA (401K equivalent) for eligible employees
• Stocked snack bar
• Company-sponsored outings
• Fitness center onsite