Technical Specialist - Vulnerability Management - [B255]

22 Dec
Fidelity International


Job Description

The Global Cybersecurity & Information Security (GCIS) department is part of the Global Technology department. The Technology function provides IT services to the Fidelity International business globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates the infrastructure services that the firm relies on to operate on a day-to-day basis, including data centre, networks, proximity services, security, voice, incident management and remediation.

Global Cybersecurity & Information Security (GCIS) is responsible for:

Cyber Security:

Protecting the Technology Environment from internal and external security threats

Application Security (through secure coding practices, penetration testing, and developer training)

Centralised Access Management working to principles of least privilege, access appropriate to role, and Role Based Access Control

Security Assurance & Compliance

Infrastructure Security

Vulnerability Management

Security Engineering and Architecture

IAM Product: engineering, supporting and implementing new IAM solutions that provide security controls in products such as identity governance & administration, privileged access management, PKI and enterprise directory services.

Cyber Defence Operations

Purpose of your role

The global IT Security group consists of Identity & Access Management, Assurance & Compliance, Vulnerability Management, Application Security, Cyber Defence Operations (CDO), and Security Application Support & Engineering, and is present across various locations: UK, Dublin, India, and Asia-Pacific.

The role is an individual contributor position in the Vulnerability Management team. The individual will address vulnerabilities found through remediation recommendations, Vulnerability Alerts and Vulnerability Bulletins; perform risk analysis and facilitate risk discussions for cross-functional teams; provide consultative services to a broad range of internal business leaders on risk and IT security to determine current and target risk levels; assist with developing remediation plans; and monitor progress of agreed-upon remediation plans. This task area requires technical knowledge of computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.

Key accountabilities

Elevate - capability

Define, update, publicize and ensure adherence to the VM policies & standards

Conduct open source research to identify and analyze known and unknown vulnerabilities

Continuously expand and rationalize the vulnerability scan coverage.

Deliver - efficiently

Triage, prioritize, identify and draft mitigation guidance for vulnerabilities

Triage publicly disclosed vulnerabilities of vendor software/hardware products

Develop remediation plans together with platform and application teams and monitor progress of agreed plans.

Analyze known issues with vendor fixes and contact the vendor for a defined and attainable solution

Consult with a range of internal business leaders on risk and IT security to determine current and target risk levels.

Engage - productively

Work with platform / application teams on a regular basis to increase sensitivity for addressing vulnerabilities

Work proactively with IT Infrastructure partners with respect to strategic and tactical plans

Communicate with Subject Matter Experts to determine expected impact and likelihood of loss events

Produce reports and dashboards that are easy to understand and identify actions.

Skills and experience

Must Have

Knowledge of computer network theory, network data flows, ports, IT standards and protocols. Understanding of the lifecycle of cyberspace threats, attack vectors, OWASP and exploitation methods.

Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE) and Open Web Application Security Project (OWASP) processes and remediation recommendations.

Bachelor's degree in Computer Sciences or related field or equivalent experience.

5 years of solid, diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience.

Hands-on experience with security technologies, including vulnerability scanning tools (e.g. Nexpose, InsightVM).

Tactically guide the Vulnerability Management (VM) Plan to coordinate, monitor and support activities in the areas of the VM program, security patch and remediation management.

Facilitate and coordinate vulnerability assessment and scanning, reviews of assessment results, patching, and remediation activities related to workstations, servers, storage, databases, appliances, web applications and network devices.

Provide reporting, analysis and follow-up.

Provide vulnerability analysis and produce reports for management.

Experience in defining endpoint, network device & server hardening best practices.

Analyze assessment results and threat feeds to properly react to security weaknesses or vulnerabilities.

Prepare and maintain technical documentation of the VM program, including requirements, architecture designs, network topology, applications and application security designs.

Collaborate on and provide VM results and metrics for consistent reporting for governance purposes; collaborate and coordinate remediation plans and activities.

Good to have:

Excellent communication skills and problem-solving ability

Certification such as CISSP, CRISC, CISM, CEH
