Cyber Operator
Location: Remote, preference will be given to candidates located in Orlando, FL, or Columbus, OH.
Compensation: $60,000- $70,000 per year, depending on experience and qualifications.
Employment Type: Full-Time
Travel: Less than 15% travel required for office visits, meetings, and other business needs.
What you can expect as the Cyber Operator at Fortress...
The Cyber Operator supports the day-to-day execution of vulnerability management workflows for a major client engagement, contributing across the full lifecycle of vulnerability monitoring, triage, remediation coordination, validation, and operational communications. This role partners with senior analysts and client stakeholders to identify emerging vulnerabilities, coordinate remediation activity, maintain accurate records within the vulnerability management platform, and translate technical activity into clear, audit-ready written deliverables for both technical and leadership audiences. It is a compelling opportunity for someone looking to build foundational expertise in vulnerability management and cybersecurity operations while developing the technical judgment, operational discipline, and communication skills needed to take on greater responsibility over time.
Responsibilities Include
- Support the day-to-day execution of vulnerability management processes in alignment with established workflows, timelines, and program standards.
- Monitor security advisories, vendor bulletins, threat feeds, and open-source intelligence sources to identify emerging vulnerabilities and CVE activity, escalating findings to senior analysts for triage and prioritization decisions.
- Review vulnerability scanner output, identify asset ownership using CMDB and enterprise asset management data, and assess and document vulnerability applicability across assigned business units or asset groups under senior analyst guidance; coordinate manual data collection or verification for assets and applications not covered by automated scanning.
- Create and manage remediation tickets within enterprise ITSM platforms; maintain remediation tracking cadences including follow-up activities, status updates, escalation logging, stakeholder communications, evidence validation, and post-remediation status to confirm closure criteria are met.
- Maintain accurate records within the vulnerability management platform, including status updates, communication logs, and documentation entries; assist with periodic data quality reviews to identify and flag inconsistencies for senior analyst review.
- Translate analyst findings and program activity into clear, audience-calibrated written deliverables — including leadership readouts, business-unit communications, remediation updates, post-validation summaries, and coordinated-response session readouts — within established turnaround expectations, including same-business-day delivery for high-severity vulnerability events when required.
- Own recurring reporting cadences including weekly remediation tracker updates, monthly leadership reports, executive-facing PowerPoint presentations, and related operational communications that communicate operational status, remediation progress, and risk themes clearly and concisely.
- Capture and organize meeting notes, action items, escalation details, and operational decisions during coordinated-response sessions, program meetings, team standups, and client meetings.
- Exercise editorial judgment when refining communications for clarity, tone, and audience alignment while escalating substantive technical-content changes for senior analyst review and documented approval; produce accurate, audit-ready documentation throughout the vulnerability management lifecycle.
- Assist with development and upkeep of templates, process documentation, dashboards, and operational guidance materials; develop familiarity with evolving vulnerability trends, enterprise security practices, and program workflows over time.
- Use AI-assisted tools responsibly to support research, drafting, summarization, and documentation tasks while maintaining human review and oversight for all outputs; support additional cybersecurity operational activities and projects as assigned.
- Other duties as assigned.
Minimum Qualifications
- 1–3 years of experience in cybersecurity, vulnerability management, IT operations, SOC operations, technical writing, communications, program support, or a related field; relevant internship experience, coursework, or completion of a cybersecurity boot camp will be considered.
- Working familiarity with cybersecurity concepts including vulnerabilities, patching, CVEs, CVSS scoring, and risk fundamentals; formal training or self-study accepted.
- Strong written and verbal communication skills, including the ability to produce clear, organized, audience-calibrated written deliverables and audit-ready documentation; proficiency with Microsoft Office tools including Word, Excel, PowerPoint, Outlook, and SharePoint.
- Strong organizational habits with attention to detail and reliable follow-through; ability to manage multiple ongoing workstreams and meet deadlines in a structured, fast-paced operational environment.
- Comfort working collaboratively with both technical and non-technical colleagues, with the willingness to learn new tools, platforms, and workflows and apply them consistently.
- Ability to leverage AI tools and independently use and refine prompts to enhance the quality, efficiency, and insight of regular work processes.
Preferred Skills
- Hands-on or coursework exposure to enterprise vulnerability scanning platforms (Tenable, Qualys, Rapid7, or similar) and enterprise ITSM or ticketing platforms (ServiceNow, Jira, or similar).
- Experience producing structured written deliverables, executive-facing presentations, or operational reports on a recurring schedule, including work alongside technical teams in a support, coordination, or communications capacity.
- Familiarity with SharePoint, Confluence, or similar collaboration and documentation platforms, and with Power BI, Tableau, or similar reporting and dashboard tools.
- Exposure to regulated industries such as utilities, energy, defense, healthcare, or financial services, including NERC-CIP environments.
- Cybersecurity-related certifications (CompTIA Security+, Network+, CySA+, or equivalent).
Education
- Associate’s degree or equivalent professional work experience required.
- Bachelor's Degree preferred
Employee Benefits:
- Competitive pay structure
- Medical, dental, vision plans with employees covered up to 90% with highly progressive options for dependents and families
- Company paid life, short- and long-term disability insurance
- Employee Assistance Program
- 401(k) match
- Flexible Paid Time Off
- Parental Leave
Employment Perks:
- We provide each employee with professional growth opportunities through succession planning, up-skilling, and certifications
- Tuition and certification reimbursement
- Employee Referral Programs
- Company Sponsored Events
Fortress is proud to be an Equal Opportunity Employer. All employees and applicants will receive consideration for employment without regard to age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. Fortress Information Security takes part in the E-Verify process for all new hires.
For positions located in the US, the following conditions apply. If you are made a conditional offer of employment, you will have to undergo a drug test. ADA Disclaimer: In developing this job description care was taken to include all competencies needed to successfully perform in this position. However, for Americans with Disabilities Act (ADA) purposes, the essential functions of the job may or may not have been described for purposes of ADA reasonable accommodation. All reasonable accommodation requests will be reviewed and evaluated on a case-by-case basis.
