Responsibilities
Finastra’s Vulnerability Management team is the primary resource for identifying, classifying, aggregating, and mitigating cyber threats to the organization. You will have a crucial role in closing security gaps and preventing cyber-attacks on the enterprise network. You will be agile, willing to learn, and able to think outside of the box in order to operate effectively in a dynamic threat landscape. You will have the opportunity to work with cutting-edge security tools to identify vulnerabilities for Finastra and our customers.
Responsibilities of the Vulnerability Analyst include:
- Primary point of contact for status and reporting of vulnerabilities across multiple platforms and stakeholders.
- Manage and maintain scan and reporting schedules in a changing environment with aggressive deployment schedules.
- Research new vulnerabilities as they are uncovered and provide guidance on urgency, best practices, and mitigation techniques.
- Assemble stakeholder teams to remediate high-priority vulnerabilities rapidly.
- Work closely with technology and business stakeholders to ensure remediation activities comply with corporate policies and standards.
- Provide metric reporting on scanner tools for senior management visibility.
- Provide evidence of scanning activities for compliance with regulators or auditors.
- Support and administration of security tools and platforms in diverse, cloud-based, and on-premises environments.
- Work with CMDB and Network Infrastructure teams to ensure we are always scanning all internal and external network surfaces.
- Build strong partnerships with other teams.
Knowledge / Skills Required
- Excellent understanding of the Vulnerability Management Lifecycle.
- Good understanding of server-client computing environments.
- Hands-on server troubleshooting experience.
- Strong understanding of firewall concepts, security, and the risk-based approach to security.
- Knowledge of Information Security technologies and solutions.
- Excellent written and verbal communication skills, along with the ability to absorb and present large amounts of detail through various forms of communication to any level of Business Users, IT Management, or technical roles.
- Demonstrated analytical, problem-solving, planning, organizational, time management, interpersonal, critical thinking, and risk assessment skills
Qualifications Desired
- 3 years of combined experience in information security, information technology and related services and management.
- Working knowledge of vulnerability scanning tools (Qualys, Rapid7, Nessus, or other)
- Strong understanding of web application and network infrastructure cyber security risks.
- Knowledge of networking concepts, TCP/UDP protocols, Linux or Windows system administration, and security architecture.
- Knowledge of Firewalls, WAF, Load Balancers, and segmented networks.
- Excellent verbal and written communication skills.
- Strong troubleshooting skills.
- Ability to work well both independently and in a highly collaborative environment.
- Ability to manage multiple priorities in a high-pressure environment.
- Effective organizational skills.
- Cybersecurity experience in the financial industry.
- Some Python or other programing language a plus.
Education/Certifications
- A bachelor's degree from an accredited college or university or equivalent experience is preferred but not required. A degree in Computer Science, Computer/Data Systems Management, or a related field or discipline is preferred but not required.
- Certification in one or more of the following areas is desired but not required: Certified Information Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), CompTIA Pentest+, CompTIA Security+, CompTIA CySA+, Cisco CCNA, SANS GIAC.
