Senior Vulnerability Remediation Analyst

Full Time
Cary, North Carolina
report a problem
Overview
The Vulnerability Remediation team is responsible for the aggregation, prioritization, and enabling the successful resolution, of findings from various ECS functions.
 
The Expertise we’re looking for
  • Bachelor degree in computer science, IT, IS or a related discipline
  • Specialist security training and certification an advantage, for example CISSP or SANS
  • 5+ yrs of experience in IT
  • 3+ yrs of experience in Information Security
  • Experience with Technology risk advisory, information security consulting or IT audit experience in large, complex environment
The Purpose of your role
  • To facilitate the remediation of flaws detected by security assessment teams
 
The Skills You Bring
  • Your knowledge of information security
  • Your knowledge of the security threat landscape, especially network and web-based threats
  • Your knowledge of Windows and / or Linux operating systems
  • Your knowledge of TCP/IP
  • Your knowledge of application and infrastructure security considerations, e.g. OWASP Top Ten
  • Your ability to conduct interviews with technologists and to communicate deficiencies to in a constructive fashion
  • Your knowledge of network, application, platform and database technologies and strong knowledge of InfoSec, Technology Risk and Infrastructure related processes
  • Your knowledge of related industry standards, frameworks and best practices, such as COBIT, SSAE16, ISO27001 including associated regulatory requirements
  • You have experience performing Risk assessments, Control assessments or Audits; working knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer or Open Pages is preferred
  • Your experience with cloud computing architectures and implementations is preferred
  • Your excellent communication skills and ability to work within a team environment
The Value You Deliver
  • Leading remediation efforts for penetration testing, secure code review, vulnerability detection and other security assessment program findings
  • Consulting with business partners, vendor managers, information security officers and risk management teams involved in hosting Fidelity data with external/third parties that provide critical technology services functions to the firm.
  • Meeting with developers to review application security findings and describe what is needed to address the security findings
  • Consulting with enterprise infrastructure management teams involved in hosting Fidelity data internally that provide critical technology services functions to the firm.
  • Participating in the planning and execution of assessments to ensure the level of controls meet or exceed that of the business requirements. 
  • Assisting Fidelity business units with understanding the risks associated with external/third party environments and recommend solutions to reduce or eliminate the risk
  • Preparing ad hoc finding reports for asset owners and information security officers/risk management teams.
How Your Work Impacts the Organization

This role will critical in collaborating with internal security assessment teams to aggregate findings; developing a methodology across functions to measure and prioritize risk ratings; develop a solution to present findings to system and application owners; and collaborate closely with business groups to remediate their findings in a timely manner.

Company Overview
 
At Fidelity, we are focused on making our financial expertise broadly accessible and effective in helping people live the lives they want. We are a privately held company that places a high degree of value in creating and nurturing a work environment that attracts the best talent and reflects our commitment to our associates. For information about working at Fidelity, visit FidelityCareers.com

 
Fidelity Investments is an equal opportunity employer.
 

Job:  Information Security/Risk
Primary Location:  US-NC-Cary
Schedule:  Full-time
Job Level:  Individual Contributor
Education Level:  Bachelor's Degree (±16 years)
Job Type:  Standard
Overtime Status:  Exempt
Travel
:  No


 
Fidelity Investments is an equal opportunity employer.
 



Share this job:

Fidelity Investments

Every someday needs a plan
At Fidelity, we are focused on making our financial expertise broadly accessible and effective in helping people live the lives they want— from the 23 million people investing their life savings, to the 20,000 businesses managing their employee benefits programs, to the10,000 advisors and institutions needing innovative technology solutions to invest their clients’ money. To do this well, as a privately held company, we place a high degree of value in nurturing a work environment that attracts the best talent and reflects our commitment to being an employer of choice. 
Visit Fidelity Investments's Social Media pages:
Company Industry: Financial Services
Company Type: Privately Held
Company Size: 10,001+