A career at New York Life offers many opportunities. To be part of a growing and successful business. To reach your full potential, whatever your specialty. Above all, to make a difference in the world by helping people achieve financial security. It's a career journey you can be proud of, and you'll find plenty of support along the way. Our development programs range from skill-building to management training, and we value our diverse and inclusive workplace where all voices can be heard. Recognized as one of Fortune's World's Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and service, supported by our Foundation . It all adds up to a rewarding career at a company where doing right by our customers is part of who we are, as a mutual company without outside shareholders. We invite you to bring your talents to New York Life, so we can continue to help families and businesses "Be Good At Life." To learn more, please visit LinkedIn , our Newsroom and the Careers page of www.NewYorkLife.com .
New York Life is seeking a Vulnerability Management Analyst who will ensure continuous vulnerability life cycle management within the corporate environment; including but not limited to; monitoring, collection, reporting, and assessment of impact for vulnerability related data from vendors and internal threat intelligence sources.Responsibilities
Vulnerability management analyst across the following key areas at New York Life (but not limited to): Microsoft platform (e.g.; Server, Workstation, applications), Open Systems platforms (e.g.; Linux, UNIX, VM Ware ESX), Java, Adobe, Web Applications, Java web app virtualization platforms (e.g.; WebSphere), Networking, Databases (e.g.; Oracle, SQL Server, DB2, etc), and others.
- Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.
- Able to successfully partner with other security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to New York Life's environment and determine appropriate mitigating controls.
- Work with industry standard tools as well as learn new innovative solutions
- Work with and manage 3rd party service providers
- Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a level acceptable by New York Life.
- Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner; across traditional infrastructure and in cloud environments.
- Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.
- Be a champion for vulnerability management and information security; including broadening awareness, use of the team's services and education of security best practices.
- Provide mentorship and support to teammates with regard to vulnerability assessment and mitigation techniques and approaches.
- Using a risk-based approach, analyze New York Life vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.
- Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.
General Experience, Education and Professional Certifications:
- Familiar with industry standard security best practices and vulnerability management processes; including vulnerability management standards and regulatory compliance reporting
- Experience with vulnerability scanning tools (Qualys preferred) and other vulnerability and risk management reporting platforms (RiskSense Preferred).
- Demonstrate knowledge of IT security / hardening best practices; including but not limited to operating systems (e.g.; Windows, Unix, Linux), web applications, and network devices.
- Demonstrated knowledge of networking concepts and devices (Firewalls, Routers, Switches, Load Balancers, etc)
- Excellent analytical and problem-solving skills.
- Demonstrated ability to participate in cross functional teams; including offsite, remote and with offshore resources.
- Experience working in very large enterprise environment with diverse teams.
- Effective written, verbal communication skills. Ability to tailor communication style to audience at hand and to effectively communicate with technical and non-technical resources.
- Self-directed, works with minimal guidance, and recognizes when guidance needed.
- Demonstrated ability to stay contemporary with the evolving security technology space.
Knowledge of NY DFS, NIST, COBIT, PCI, HIPAA, ISO, and other control frameworks.
- CISSP, GCIH, GPEN, or other acceptable industry certifications preferred.
- Minimum 3-5 years of operational experience in IT Security
- BA/BS Degree in Engineering, Computer Science, or equivalent experience in Cyber Security and Engineering.
- Preferred: CompTIA Security+, SSCP, or similar certifications
Lebanon, NJ preferredType of Position :
Corporate Technology / InfrastructureHiring Manager:
Christopher CurryFunctional Area:
Technology Security Operations
If you have difficulty using or interacting with any portions of this Web site due to incompatibility with an Assistive Technology, if you need the information in an alternative format, or if you have suggestions on how we can make this site more accessible, please contact us at: (212) 576-5811.