VMware Security Services Analyst

Spinnaker Support provides global enterprise software support, managed services, and project-based consulting to many of the world’s most recognized and respected brands. Founded in 2008, our customer focus, business integrity, exacting standards, and depth of expertise have earned us the trust and loyalty of over 1,300 organizations located in 104 countries. Our dedicated international team works closely with every customer to ensure they receive exceptional, customized services that clear the way for their operational success. Today, Spinnaker Support is proud to be the industry’s highest-rated provider for third-party software support services for Oracle, SAP and JD Edwards.

We have an immediate need for a Security Services Analyst based in the United States. This position can be based out of your home office. The Security Services Analyst will be responsible for developing and maintaining the operations of security products and offering within Spinnaker Support. This role will serve to define and deliver Spinnaker Support’s approach to security within the 3^rd party support and managed service markets.

This position requires a strong customer-facing skill and expertise in security architecture, vulnerability analysis, and vulnerability mitigation design.  This role is technology-focus, emphasizing on-premises data center security with focus on software supported by Spinnaker Support.  As part of the Spinnaker Support Security Services team, you will be responsible for providing guidance to clients on attack surface reduction strategies for VMware, Oracle and SAP environments.  You will work directly with clients to assess their security posture, design mitigation strategies, and provide expert guidance on secure architectures. You will play a critical role in helping organizations strengthen their security defenses while maintaining business agility.

This position requires a person with multiple years of hands-on technical expertise in designing and implementing secure architectures.  Preference will be given to those individuals that have demonstrated their expertise and commitment to understanding IT security and have obtained certificates such as Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP).

Key Responsibilities

• Act as a trusted security advisor, engaging directly with clients to assess and improve their security posture, ensuring alignment with their business objectives, industry best practices and compliance standards.
• Work with clients to address identified vulnerabilities and attack vectors for on-premises data centers, VMware environments, and enterprise applications supported by Spinnaker Support.
• Develop and recommend mitigation strategies for identified security risks, including hardening configurations, access controls, and monitoring enhancements.
• Deliver technical presentations, reports, and security recommendations to both technical and executive stakeholders.
• Provide technical expertise in securing VMware environments, including ESXi hosts, vCenter, vSAN, and associated components as supported by Spinnaker.
• Assess and improve security controls for enterprise applications, particularly Oracle and SAP, ensuring compliance with security frameworks and best practices.
• Stay up to date with evolving cyber threats, attack techniques, and security technologies relevant to on-premises infrastructure.

Required Skills & Experience

• 4-6 years of experience in security consulting, architecture, or vulnerability management.
• Understanding of on-premises data center security, including network security, endpoint protection, and access management.
• Experience in securing VMware environments, including ESXi, vCenter, vSAN, and virtualization security best practices.
• Experience with security controls and hardening for Oracle or SAP systems is highly desirable.
• Knowledgeable of common vulnerabilities (CVE, OWASP, MITRE ATT&CK) and have the ability to develop mitigation strategies to address those vulnerabilities.
• Solid knowledge of the security architecture across multiple deployment platforms (network, firewall, computer, storage, database and application)
• Ability to communicate effectively with C-level executives, technical teams, and business stakeholders.
• Strong analytical and problem-solving skills, with the ability to work independently and in a team-oriented environment.
• Excellent communication skills and issue/project management skills
• Understanding of common network topologies and their application to security mitigation.
• Strong analytical skills with ability to understand and document details for complex solutions
• Solid organizational and consultative skills
• Goal oriented with high standards for quality and performance.

Preferred Qualifications

• Certifications such as CISSP, CEH, CISM, CCSP, VMware VCP-SEC, Oracle Certified Professional (OCP)
• Experience with cloud security principles (AWS, Azure, GCP) is a plus but not required.
• Prior consulting experience with security assessments, risk management, and compliance auditing.
• Familiarity with security frameworks and compliance standards such as NIST, CIS, Cyber Essentials, ISO 27001, PCI DSS, and GDPR.
• Firm understanding of SIEM, IDS/IPS, EDR solutions, and security monitoring.