Senior Vulnerability Remediation Analyst
- Bachelor's degree in computer science, IT, IS or a related discipline
- Specialist security training and certification an advantage, for example CISSP or SANS
- 5+ years of experience in IT
- 3+ years of experience in Information Security
- Experience in technology risk advisory, information security consulting or IT audit in a large, complex environment
- To facilitate the remediation of flaws detected by security assessment teams
- Your knowledge of information security
- Your knowledge of the security threat landscape, especially network and web-based threats
- Your knowledge of Windows and / or Linux operating systems
- Your knowledge of TCP/IP
- Your knowledge of application and infrastructure security considerations, e.g. OWASP Top Ten
- Your ability to conduct interviews with technologists and to communicate deficiencies in a constructive fashion
- Your knowledge of network, application, platform and database technologies and strong knowledge of InfoSec, Technology Risk and Infrastructure related processes
- Your knowledge of related industry standards, frameworks and best practices, such as COBIT, SSAE16, ISO27001 including associated regulatory requirements
- You have experience performing Risk assessments, Control assessments or Audits; working knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or Open Pages is preferred
- Your experience with cloud computing architectures and implementations is preferred
- Your excellent communication skills and ability to work within a team environment
- Leading remediation efforts for penetration testing, secure code review, vulnerability detection and other security assessment program findings
- Consulting with business partners, vendor managers, information security officers and risk management teams involved in hosting Fidelity data with external/third parties that provide critical technology services functions to the firm.
- Meeting with developers to review application security findings and describe what is needed to address the security findings
- Consulting with enterprise infrastructure management teams involved in hosting Fidelity data internally that provide critical technology services functions to the firm.
- Participating in the planning and execution of assessments to ensure the level of controls meets or exceeds that of the business requirements.
- Assisting Fidelity business units with understanding the risks associated with external/third party environments and recommending solutions to reduce or eliminate the risk
- Preparing ad hoc finding reports for asset owners and information security officers/risk management teams.
This role will be critical in collaborating with internal security assessment teams to aggregate findings; developing a methodology across functions to measure and prioritize risk ratings; developing a solution to present findings to system and application owners; and collaborating closely with business groups to remediate their findings in a timely manner.
Job: Information Security/Risk
Primary Location: US-NC-Cary
Job Level: Individual Contributor
Education Level: Bachelor's Degree (±16 years)
Job Type: Standard
Overtime Status: Exempt
Company Type: Privately Held
Company Size: 10,001+