Core Level resource - 1-3 years of experience
Tracing our roots to 1928,Client is one of the world’s largest independent investment management firms. With over US$1.2 trillion in assets under management as of 30 June 2021, they serve as a trusted adviser to institutional clients and mutual fund sponsors in over 55 countries. Their innovative investment solutions are built on the strength of proprietary, independent research and span nearly all segments of the global capital markets, including equity, fixed income, multi-asset, and alternative strategies. As a private partnership whose sole business is investment management, their long-term views and interests are aligned with those of our clients.
As a Systems Engineer on the Threat and Vulnerability Management team, you'll be working with multiple teams across the company to assist in minimization of potential attack surfaces through aggressive vulnerability management and patching operations. You will work with IT and business partners to provide guidance on vulnerability management for both the on-premise and cloud-based assets. You will also play a key role in the delivery and reporting of critical metrics to application owners to facilitate remediation plans. The Threat and Vulnerability Management Team is looking for a flexible, motivated individual who is eager to make a big impact in this space.
DETAILED RESPONSIBILITIES INCLUDE:
• Review of both internal and open-source threat intelligence sources for recently disclosed vulnerabilities at risk of introduction into the Company environment.
• Perform assessments of the likelihood of exploitation and potential impact of vulnerabilities to determine the appropriate course of action to mitigate potential risk
• Track weekly vulnerability scan metrics and collaborate with the appropriate teams to provide technical guidance with remediation or mitigation plans based on findings from assessment tools.
• Enhance team capabilities by assisting with the development and implementation of new tools and processes, such as a vulnerability analytics system.
• Contribute to team documentation for updates to existing processes, new processes, assessment tool infrastructure details and workflows.
• Assist users with the integration and onboarding of binary code analysis tools.
• Stay up to date with current and relevant cyber security threats as well as any associated countermeasures NON-TECHNICAL QUALIFICATIONS
• BS degree in Information Systems/related discipline or equivalent IT work experience
• Strong analytical, decision-making, and investigative skills
• Ability to self-motivate, with an eagerness to dig into potential risks
• Ability to work with global teams effectively
o Excellent oral and written communication skills with a proven ability to effectively interact with teams representing a wide variety of technical disciplines.
• Ability to work in a team-oriented, fast–paced environment
• Aptitude to provide innovative solutions to problems
• Attentive to detail and self-disciplined
• A demonstrated interest in Cyber Security and a desire to stay current with the changing threat landscape and evolving attack techniques.
• Previous experience assessing, documenting, and communicating information security risk, particularly related to cyber vulnerabilities is preferred
• Strong interest in public cloud/hybrid models, with previous experience preferable
• Foundational knowledge in the areas of network architecture and engineering and software application development
• Foundational knowledge of threat intelligence feeds and resources
• Working knowledge of vulnerability scanning software/hardware
• Preferred: Scripting experience
• Preferred: Working knowledge of Amazon AWS services
• Familiarity with Amazon Inspector is a plus