Information System Security Anaylst, Assistant Vice President
Location:
Quincy , Massachusetts
Posted:
December 14, 2017
Reference:
166705
We are seeking a Security Engineer for Threat and Vulnerability Management to Engineer provides security oversight to State Street's global computing environment.
Responsibilities:
    \t
  • \t\tResponsible for configuring vulnerability assessment tools as well as performing scans researching and analyzing vulnerabilities identifying relevant threats corrective action recommendations summarizing and reporting results.
  • \t
  • \t\tDevelops and validates baseline security configurations for operating systems applications and networking and telecommunications equipment.
  • \t
  • \t\tUse automated tools to perform infrastructure vulnerability assessments identify and resolve any false positive findings in assessment results.
  • \t
  • \t\tAnalyze results identify patch changes and configuration changes needed to be applied.
  • \t
  • \t\tAddress vulnerabilities include system patching deployment of specialized controls code or infrastructure changes and changes in build engineering processes.
  • \t
  • \t\tManage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology partners and support teams.
  • \t
  • \t\tDesign and deliver actionable Information Security dashboards and scorecards.
  • \t
  • \t\tAnalyze data sources and recommend optimal data sources to provide relevant reporting.
  • \t
  • \t\tProvide IT Governance metrics and reporting.
  • \t
  • \t\tReview and coordinate changes to patching policies procedures standards and audit work programs in a continuous improvement model.
  • \t
  • \t\tPartner with stakeholders who own and support applications IT infrastructure and operations
  • \t
  • \t\tProactively identify and develop infrastructure standards that are based on industry-accepted best practices.
  • \t
  • \t\tPartner with vendors that provide our infrastructure scanning capabilities and patch management platforms.
  • \t
  • \t\tParticipates on IT project teams ensuring application risk and security issues are identified and addressed.
  • \t
  • \t\tApplying an advanced level of knowledge while collaborates with business partners within the team to ensure alignment to risk and security policies standards and best practices.
  • \t
  • \t\tTrain engineering staff in the use of industry standard tools to conduct infrastructure scans on systems prior to being implemented in the environment.
  • \t
  • \t\tConduct risk assessments and evaluate products and process for use within the State Street environment.
Basic Qualifications
    \t
  • \t\tAt least 5 + years of experience working as Linux and/or Windows system administrator.
  • \t
  • \t\tAt least 3 + years of IT experience working in threat and vulnerability management.
  • \t
  • \t\tPossess one or more security or IT certification CISSP CCNACEH GCIH GPEN GWAPT OSCP
  • \t
  • \t\tDisplay a passion for information security.
  • \t
  • \t\tExperience working with vulnerability scanning tools Nessus Qualys Nexpose etc.
  • \t
  • \t\tAdvanced understanding of operating system and application security administration and debugging.
  • \t
  • \t\tUnderstanding of controls (e.g. access control auditing authentication encryption integrity physical security and application security).
  • \t
  • \t\tMust be well versed in operating systems such as Linux as well as Windows environments Active Directory VPN systems encryption schemas and algorithms various authorization and authentication mechanisms/software network monitoring and sniffing TCP/IP networks and vulnerability and threat management tools (including network based scanners).
  • \t
  • \t\tExperience with vulnerability scanners vulnerability management systems patch management and host based security systems.
  • \t
  • \t\tDemonstrable conceptual analytical and innovative problem-solving and evaluative skills an ability to conduct independent research and analysis identifying issues formulating options and making conclusions and recommendations.
  • \t
  • \t\tStrong ethics and understanding of ethics in business and information security
  • \t
  • \t\tProficient with Microsoft Office tools Excel Word Power Point etc.
  • \t
  • \t\tProficient English language written and oral communication skills

A little about us:
We hire veterans to help us transform--improve and innovate--the way we run our business to face industry challenges head-on.

Know someone who would be interested in this job? Share it with your network.