Security Analyst - Commercial Vulnerabilities

Security Analyst - Job Listing.png

Security Analyst - Commercial Vulnerabilities

New York, New York

July 31st 2019

POSITION DETAILS

Contract

Job Title: Security Analyst - Commercial Vulnerabilities

The candidate will be joining the Commercial Vulnerability Management team as a Security Analyst within the Firm's Technology Risk organization. The team is responsible for assessing reported vulnerabilities pertaining to commercial software products as to severity and relevance to the Client and assigning them to responsible technology owners for remediation. The team is responsible for reporting on all aspects of commercial vulnerability risk exposure for the Firm.

This analyst will join the Commercial Vulnerability Management team within the Technology Risk department. The team consists of six (four members in Montreal and two in New York City) with responsibility for daily analysis of CVEs relevant to technology products in use by the Firm.


REQUIREMENTS

Qualifications/Requirements:

  • Candidate needs to be proficient with CVSS scoring and have experience accounting for the existence of compensating controls to re-factor the score.

  • Candidate needs to be comfortable escalating vulnerabilities to the CISO and senior management level and initiating requests for immediate action and triage of critical severity items.

  • Analyst will be responsible for a segment of products associated with a particular (TBD) area of the technology organization and therefore needs to form strong relationships with technology owners in order to influence remediation priorities.

  • Performance of daily functions will require the ability to derive information from various related Splunk views and indexes.


PREFERRED QUALITIES

Desired Skills:

  • 2-3 years of technology experience with 1 or more years in a technology risk function

  • Strong understanding of cyber exploit techniques and CVSS scoring of vulnerabilities in an enterprise IT environment

  • Understanding of technology components, interaction between layers and services for applications and infrastructure

  • Experience with an enterprise reporting platform (Splunk preferred)

  • Strong organizational, communication, and professional skills


 
Print Friendly and PDF

Job ID: A2450