Information Security Engineer - Vulnerability Management III

Responsible for performing all functions required to support day-to-day data security operations and accountable for security and networking infrastructure component availability and integrity, monitoring compliance with IT security policy, and coordinating investigation and reporting of security incidents.

Primary Responsibilities:

Define, deliver, and support enterprise security tools and architecture in collaboration with other teams.

Enhance the Bank's network vulnerability management program for in-scope subsidiaries and affiliates.

Define security environments and lead the implementation and onboarding of new applications, programs, processes, projects, and initiatives into the Enterprise Vulnerability Management Program.

Communicate, escalate, support, and guide the resolution of open vulnerabilities, including infrastructure, application security, and configuration management vulnerabilities.

Conduct security research on threats and remediation techniques/technology, make recommendations to IS/IT teams, and oversee their implementation.

Proactively monitor and investigate security alerts from managed security service providers and in-house security tools.

Conduct risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications, and systems.

Support ad hoc requests for reporting and control evidence, as needed.

Perform threat analysis and incident response by interpreting events.

Support the Bank's operational information security responsibilities, including developing and maintaining standards, procedures, and guidelines for the Enterprise Vulnerability Management Program.

Share knowledge and industry best practices with team members.

Serve as a security engineer/consultant on projects.

Excellent communication and presentation skills, and a proven background of presenting to senior leaders, large groups, etc. on relevant matters pertaining to large projects and impacting key functionality.

Lead and Implementation Experience

Performing referral to principle

proven consistent experience in vulnerability management, security engineering, security consulting etc

Proven experience with proactive threat management, research, escalation, discovery etc.

Security

Solid understanding of popular security tooling and understanding of security architecture/interconnectedness of processes and tooling.

Nice To Have

CISSP, CISA, CISM, AWS Solutions Architect certifications

GRC/audit management experience

Scripting/automation experience - python preferred

Solid proven experience with tooling such as Qualys, Brinqa, Archer, ServiceNOW, Checkmarx, Prisma (and any AWS experience is great as well)

Competitive base salary

Medical, dental, and vision insurance coverage

Optional life and disability insurance provided

401(k) with a company match and optional profit sharing

Paid vacation time

Paid Bench time