Vulnerability Management Analyst
Ref No.: 18-01171
Location: Florham Park, New Jersey
Job Description:
Join the growing team chartered with executing the cyber security vulnerability management and penetration testing program within the firm. Analysts are responsible for:
  • Helping to develop the firm's next generation vulnerability management program including formalized assessment criteria, integration with asset inventory, enterprise vulnerability scanning, and remediation tracking and governance.
  • Documenting and implementing an enhanced penetration testing program to cover testing of application and infrastructure systems for security vulnerabilities
  • Developing innovative security testing to mimic advanced persistent threat techniques and blended threats, including social engineering and physical access gaps
  • Developing program quality metrics as both program performance indicators and enterprise risk indicators
  • Assessing publicly and privately announced security vulnerabilities to determine the risk based on severity, threat likelihood and firm impact.
  • Operate the firm's vulnerability scanning program using industry standard tools for scanning and reporting application and infrastructure vulnerabilities
  • Manage the firm's penetration testing program by leveraging both in-house staff and vendor expertise to identify weaknesses in technology, people or process.
  • Develop and use cyber red team strategies for testing organizational security posture
  • Leverage firm inventory and patch management systems to provide reporting and governance for vulnerability impact and remediation progress
  • Integrate findings across infrastructure, web application, and static code security testing to provide a holistic security posture for assets

  • Bachelor's degree in computer science or a related discipline, or equivalent work experience, required; advanced degree preferred. Industry certifications such as CISSP or GCIH a plus.
  • 8-10 years of experience in information security or related technology required; experience in the securities or financial services industry is a plus.
  • Minimum five years of cyber security and vulnerability management or penetration testing experience
  • Experience in deploying and operating vulnerability scanning infrastructure and services
  • Previous hands-on experience in application or network penetration testing
  • Strong knowledge of industry standards regarding vulnerability management, including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP)
  • Strong knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening and security baselines, web server and database security
  • Strong verbal and written communication skills.
  • US Government Security Clearance a plus