Security Analyst II (Attack Surface Management)
We are Lennar
Lennar is one of the nation's leading homebuilders, dedicated to making an impact and creating an extraordinary experience for their Homeowners, Communities, and Associates by building quality homes and providing exceptional customer service, giving back to the communities in which we work and live in, and fostering a culture of opportunity and growth for our Associates throughout their career. Lennar has been recognized as a Fortune 500® company and consistently ranked among the top homebuilders in the United States.
Join a Company that Empowers you to Build your Future
The Security Analyst II will play a key role in the Attack Surface Management (ASM) team, supporting the organization’s risk-first approach to cybersecurity. This position will focus on identifying, prioritizing, and reducing vulnerabilities, proactively hunting threats, and validating defenses through red/purple team exercises.
The analyst will collaborate with LTG, SOC/IR, GRC, and business units to deliver measurable risk reduction, improve detection and response capabilities, and support executive reporting. Depending on team needs, the analyst may take lead responsibilities in one or more of the following areas: Vulnerability Management, Threat Hunting, or Red Teaming.
A career with purpose.
A career built on making dreams come true.
A career built on building zero defect homes, cost management, and adherence to schedules.
Your Responsibilities on the Team
Vulnerability Management
Conduct continuous vulnerability scanning (internal and external) using Rapid7 and other tools.
Validate findings and prioritize vulnerabilities based on exploitability, business criticality, and external exposure.
Track remediation efforts with LTG/system owners and enforce SLA timelines.
Generate operational dashboards and executive reports translating technical findings into business risk.
Support the development of vulnerability management SOPs, playbooks, and automation integrations.
Threat Hunting
Conduct hypothesis-driven hunts using CrowdStrike, SIEM data, AD logs, and threat intelligence feeds.
Investigate stealthy attacker behaviors such as lateral movement, credential abuse, or persistence.
Develop new detection logic in collaboration with SOC/IR to improve defensive coverage.
Maintain hunt playbooks, documentation, and lessons learned.
Research attacker tactics using MITRE ATT&CK and enrich detection engineering.
Share findings with SOC/IR and provide business-impact-focused summaries to leadership.
Red Teaming & Purple Teaming
Plan and execute adversary emulation exercises aligned with MITRE ATT&CK.
Lead purple team exercises in collaboration with SOC/IR to validate detection and response.
Conduct controlled penetration testing of internal/external systems with a risk-first approach.
Document findings, track remediation with IT, and validate closure.
Research emerging adversary techniques and incorporate them into testing scenarios.
Translate red team results into business risk language for executives.
Requirements
Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
3+ years of experience in one or more of the following: Vulnerability Management, Threat Hunting, Penetration Testing, or Red Teaming.
Familiarity with security tools: Rapid7, CrowdStrike, SIEM platforms, and red team/offensive frameworks.
Knowledge of frameworks: CVSS, MITRE ATT&CK, threat intelligence feeds (CISA KEV, OTX, etc.).
Preferred certifications: OSCP, CRTO, GPEN, CISSP, or equivalent.
Physical & Office/Site Presence Requirements:
This is primarily a sedentary office position which requires the incumbent to have the ability to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary.
Additional Requirements
Strong technical aptitude and analytical mindset.
Excellent problem-solving and investigative skills.
Effective communication skills — ability to brief executives in business terms.
Strong collaboration with IT, SOC, and GRC teams.
Self-starter with the ability to balance competing deadlines.
Reliable, consistent, and punctual attendance required.
This description outlines the basic responsibilities and requirements for the position noted. This is not a comprehensive listing of all job duties of the Associates. Duties, responsibilities and activities may change at any time with or without notice.
Life at Lennar
At Lennar, we are committed to fostering a supportive and enriching environment for our Associates, offering a comprehensive array of benefits designed to enhance their well-being and professional growth. Our Associates have access to robust health insurance plans, including Medical, Dental, and Vision coverage, ensuring their health needs are well taken care of. Our 401(k) Retirement Plan, complete with a $1 for $1 Company Match up to 5%, helps secure their financial future, while Paid Parental Leave and an Associate Assistance Plan provide essential support during life's critical moments. To further support our Associates, we provide an Education Assistance Program and up to $30,000 in Adoption Assistance, underscoring our commitment to their diverse needs and aspirations. From the moment of hire, they can enjoy up to three weeks of vacation annually, alongside generous Holiday, Sick Leave, and Personal Day policies. Additionally, we offer a New Hire Referral Bonus Program, significant Home Purchase Discounts, and unique opportunities such as the Everyone’s Included Day. At Lennar, we believe in investing in our Associates, empowering them to thrive both personally and professionally. Lennar Associates will have access to these benefits as outlined by Lennar’s policies and applicable plan terms. Visit Lennartotalrewards.com to view our suite of benefits.
Join the fun and follow us on social media to see what's happening at our company, and don't forget to connect with us on Lennar: Overview | LinkedInhttps://www.linkedin.com/company/lennar/> for the latest job opportunities.
Lennar is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws.