Cyber Analyst Threat Exposure Management

We are looking for a Cyber Security Capability is defined as a fusion of people process and technology which is designed to achieve an effect on specified assets within a defined environment to deliver appropriate risk mitigation through operational controls.

Those Capabilities are comprised of teams working together to deliverthorough Frontline Cyber Ops services that encompass every aspect of operating processesand platform-provided capabilities ensuring seamless and efficient service operations throughout the entire lifecycle specifically designed to proactively defend Maersk against an ever-changing threat landscape. This role is for a Cyber Analyst specialising in Threat Exposure Management for AppSec and AI within the Identify Capability.

The Identify capability focusses on managing the attack surface and continually evaluating the accessibility exposure and exploitability of our environments and assets. This involves in supporting building and running all the services (technology people and process) to perform Threat Exposure Management along with responsibility for managing the output and working with stakeholders to close any discovered issues.

As part of the Identify capability within the Threat Exposure Management function the Cyber Analyst Threat Exposure Management has the responsibility for overseeing the continual evolution of the organisations threat exposure management lifecycle and reduction programmes within a given scope and reports to the Cyber Manager Threat Exposure Management. This role ensures that exposures across the Code Application and AI environments are proactively identified prioritised validated and remediated in alignment with business risk and operational resilience requirements.

The successful candidate must demonstrate a strong track record in performing in-depth technical assessments and delivering clear expert insights on identified vulnerabilities and exposures including validation prioritisation and contextual analysis. They will be responsible for helping to establish and refine best practices for threat exposure management and vulnerability management whilst effectively influencing stakeholders across the organisation. The role requires advanced technical expertise in exposure analysis and defensive and offensive security with the ability to lead detailed technical discussions and perform complex investigations across Identity technologies.

Key Responsibilities :

> Threat Exposure Management and Vulnerability Management

• Perform detailed analysis of vulnerabilities and exposures across the source-code repositories applications and AI/ML ecosystems attack surface.
• Support other attack surface technologies such as IT OT/ICS cloud environments containers applications identity systems data platforms.
• Execute the full exposure lifecycle including asset discovery authenticated scanning enumeration exploitability assessment enrichment and risk-based prioritisation.
• Maintain reliable integration and data quality across VM CTEM AppSec CSPM ASM/EASM and asset-inventory platforms to ensure complete and accurate attack-surface visibility.
• Collaborate with Threat Intelligence Red Team and Incident Response to validate exploit paths map findings to adversary TTPs and translate technical risks into clear remediation actions.
• Assess cloud code assets and AI/ML technologies for misconfigurations privilege issues insecure interfaces and emerging exposure patterns supporting timely remediation and control hardening.

> Operational Excellence & Quality Obsession

• Contribute to SOPs playbooks and continuous-improvement initiatives across VM and CTEM services ensuring processes are consistent repeatable and aligned with high-standards services and deliverables.
• Support optimisation of VM ASM/EASM CSPM CTEM and AppSec toolsets ensuring reliable coverage accurate data and high-fidelity results.
• Ensure high data-quality standards across exposure findings asset attribution prioritisation logic and reporting outputs.
• Collaborate effectively across Identity Respond Detect Protect Strategy Delivery Platform Engineering Threat Intelligence Architecture Risk Issues Engineers and Portfolio Cyber Leads to drive aligned timely remediation outcomes.

> Reporting Analytics & Metrics

• Support to produce accurate reporting and dashboards on vulnerabilities Critically Exposed Assets (CEAs) exposure windows burndown trends and remediation progress ensuring high data quality across all sources.
• Validate and maintain data integrity by troubleshooting attribution issues correcting inconsistencies across VM CTEM AppSec CSPM ASM/EASM and asset-inventory platforms.
• Analyse exposure patterns and metric trends to provide insights that support prioritisation operational decisions and continuous-improvement actions.
• Support leadership reporting by preparing inputs for scorecards deep dives and performance reviews while identifying opportunities to enhance KPIs and metric definitions.

We are looking for:

• 3-5 years of progressive experience in enterprise cyber security with demonstrable in-depth technical expertise across Threat Exposure Management Vulnerability Management Defensive and Offensive Security applied to Identity technologies whilst Application Security Cloud Security Data OT/ICS and AI/ML Security are beneficial.
• Experience must span large-scale heterogeneous environments with complex technology stacks. Certifications such as CISSP GIAC Microsoft Identity and Security IGA PAM are advantageous but equivalent hands-on technical capability advanced analytical proficiency and a strong record of continuous learning and practical security training are essential.
• Deep understanding of vulnerability classes exploit vectors configuration weaknesses and exposure patterns across Windows Linux network devices cloud services containers applications and OT/ICS systems.
• Strong ability to perform exploitability assessment correlate vulnerabilities with attacker behaviour (MITRE ATT&CK) and differentiate real risk from noise or false positives.
• Hands-on experience with VM/CTEM tooling and pipelines including but not limited to authenticated scanning asset discovery methods CSPM AppSec (SAST/SCA/DAST/IaC) ASM/EASM platforms passive/active enumeration and validating high-risk Critically Exposed Assets (CEAs).
• Strong capability to validate data accuracy match assets reconcile mismatches and ensure consistent exposure attribution and ability to analyse trend data identify anomalies and provide actionable insights.
• Strong knowledge of AD/Entra ID Kerberos NTLM PKI certificate chains CRLs/OCSP SPNs federation MFA and the ability to identify high-risk identity misconfigurations such as insecure trust relationships expired or weak certificates unconstrained delegation and stale privileges.
• Skilled in analysing identity attack paths identifying lateral movement privilege escalation token abuse SPN abuse mis-issued certificates and validating high-fidelity identity exposures including certificate-related attack vectors.
• Proficient in cloud and hybrid identity setups (Azure AD/Entra ADFS Azure AD Connect) including IAM roles service principals OAuth/OIDC flows certificate-based authentication SCIM provisioning and detection of identity drift sync failures or insecure connectors.
• Ability to identify cloud and DNS-related exposure paths such as dangling DNS records orphaned service endpoints misconfigured identity endpoints excessive cloud privileges insecure APIs and domain-federation weaknesses across CSPs such as Azure AWS and GCP.
• Knowledge of PAM/PAW JIT/JEA models IGA (SailPoint Saviynt) and Zero Trust identity principles with the ability to spot toxic privilege combinations entitlement sprawl and policy drift.
• Ability to correlate identity exposures with adversary TTPs credential abuse techniques Golden Ticket/SAML attacks and map identity weaknesses within wider attack paths across apps cloud and infrastructure.
• Knowledge of PAM/PAW JIT/JEA IGA platforms (SailPoint Saviynt) certificate lifecycle governance and Zero Trust identity principles with the ability to spot toxic privileges over-permissioned service accounts and unmanaged certificate trust chains.
• Ability to correlate identity exposures with adversary TTPs including certificate forgery (Golden Ticket Golden SAML forged smartcard auth) credential theft dangling DNS exploitation and map identity weaknesses into broader attack paths across infrastructure cloud and applications.

#LI-SS1

Maersk is committed to a diverse and inclusive workplace and we embrace different styles of thinking. Maersk is an equal opportunities employer and welcomes applicants without regard to race colour gender sex age religion creed national origin ancestry citizenship marital status sexual orientation physical or mental disability medical condition pregnancy or parental leave veteran status gender identity genetic information or any other characteristic protected by applicable law. We will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.

We are happy to support your need for any adjustments during the application and hiring process. If you need special assistance or an accommodation to use our website apply for a position or to perform a job please contact us by emailing .