Information System Security Anaylst, Assistant Vice President
Quincy , Massachusetts
October 20, 2017
Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
Our promise to maintain an environment where every employee feels valued and able to meet their full potential infuses our company values. It's also part of our commitment to inclusion, development and engagement, and corporate social responsibility. You'll have tools to help balance your professional and personal life, paid volunteer days, and access to employee networks that help you stay connected to what matters to you. Join us.
State Street is an Affirmative Action/ Equal Opportunity Employer/Vet/Disability.

Job Description
We are seeking a Security Engineer for Threat and Vulnerability Management to Engineer provides security oversight to State Street's global computing environment.
  • Responsible for configuring vulnerability assessment tools, as well as performing scans, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
  • Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment.
  • Use automated tools to perform infrastructure vulnerability assessments, identify and resolve any false positive findings in assessment results.
  • Analyze results, identify patch changes and configuration changes needed to be applied.
  • Address vulnerabilities include system patching, deployment of specialized controls, code or infrastructure changes, and changes in build engineering processes.
  • Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology partners and support teams.
  • Design and deliver actionable Information Security dashboards and scorecards.
  • Analyze data sources and recommend optimal data sources to provide relevant reporting.
  • Provide IT Governance metrics and reporting.
  • Review and coordinate changes to patching policies, procedures, standards, and audit work programs in a continuous improvement model.
  • Partner with stakeholders who own and support applications, IT infrastructure, and operations
  • Proactively identify and develop infrastructure standards that are based on industry-accepted best practices.
  • Partner with vendors that provide our infrastructure scanning capabilities and patch management platforms.
  • Participates on IT project teams ensuring application risk and security issues are identified and addressed.
  • Applying an advanced level of knowledge, while collaborates with business partners within the team to ensure alignment to risk and security policies, standards, and best practices.
  • Train engineering staff in the use of industry standard tools to conduct infrastructure scans on systems prior to being implemented in the environment.
  • Conduct risk assessments and evaluate products and process for use within the State Street environment.

Basic Qualifications
  • At least 5 + years of experience working as Linux and/or Windows system administrator.
  • At least 3 + years of IT experience working in threat and vulnerability management.
  • Possess one or more security or IT certification, CISSP, CCNA,CEH, GCIH, GPEN, GWAPT, OSCP
  • Display a passion for information security.
  • Experience working with vulnerability scanning tools Nessus, Qualys, Nexpose, etc.
  • Advanced understanding of operating system and application security, administration, and debugging.
  • Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security).
  • Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network based scanners).
  • Experience with vulnerability scanners, vulnerability management systems, patch management, and host based security systems.
  • Demonstrable conceptual, analytical and innovative problem-solving and evaluative skills, an ability to conduct independent research and analysis, identifying issues, formulating options, and making conclusions and recommendations.
  • Strong ethics and understanding of ethics in business and information security
  • Proficient with Microsoft Office tools Excel, Word, Power Point, etc.
  • Proficient English language written and oral communication skills

Job Opening ID


Closing Statement
To apply to this position, follow the "apply now" link. To locate this position in our application page, please use the KEYWORD search functionality and insert either the State Street Job ID or the Location.

A little about us:
We hire veterans to help us transform--improve and innovate--the way we run our business to face industry challenges head-on.

Know someone who would be interested in this job? Share it with your network.