Vulnerability & Threat Assessment Specialist

 Jersey City, United States       Permanent contract        Security

Responsibilities

Day-to-Day Responsibilities:

  • Act as the main point of contact and expert in Vulnerability and Threat Assessment to the properties and network teams in order to offer solutions to new risks and threats
  • As the primary Subject Matter Expert in VTA, determine creative and cost-effective design solutions to challenging projects and initiative
  • Support the Security Engineering Team (GTS Security) and the Application Development Teams on their activities working directly with the applications, network, infrastructure, systems
  • Develop and oversee annual roadmaps of VTA initiatives to align with the InfoSec and business objectives/strategy
  • Oversee the discovery, evaluation, and implementation of vulnerability scanning, patch and configuration review, penetration testing, and malware detection solutions
  • Implement required VTA activities (e.g., penetration testing, threat modeling, security reviews and assessments) in a timely and high-quality fashion
  • Develop and manage detailed vulnerability reviews and assessments, malware detection and analysis, and patching and configuration reviews: (1) Assess potential damage of security flaws and assist in the implementation of corrective actions; (2) Identify, document, and report security issues and concerns to management; and (3) Monitor corrective actions and recommending cost-effective preventive measures to preclude recurrences
  • Review and sign-off on all recommendations on possible improvements resulting from the work performed as part of projects

Security Risk Management

  • Ensure that outstanding audit, assessment and regulatory findings and gaps are resolved timely
  • Assess and/or develop mitigation plans for identified threats/vulnerabilities in projects, applications, and systems
  • Provide technical risk assessments and evaluation for official sign-off or exception from standards when necessary
  • Monitor the effectiveness of corrective actions and recommend cost-effective preventive measures to preclude recurrences

Incident Management

  • Act as the VTA subject matter expert supporting Security Incident Response team(s)

Documentation, Reporting & Analytics

  • Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the CISO and other key stakeholders such as the CTO
  • Provide subject matter expertise for all security exceptions that could negatively impact security risks and/or not adhere to established policies, standards, or procedures
  • Implement SOC requirements with regards to VTA metrics and ensure that metrics are gathered on a daily basis

Profile Required

Experience Needed:

  • 4-6 years related information security experience
  • Direct experience managing multi-faceted IT integration projects
  • Experience with current concepts in project risk assessment, metrics generation and analysis and risk management
  • Previous hands-on experience in an Information/Network Security Engineering role
  • Working knowledge of process engineering and technical requirements generation in the user environment

Educational Requirements:

  • Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MIS required
  • Certified training in security management, risk and compliance solutions and practices. CISSP, CISA, CISM, GSEC, CRISC, or related certification(s) required

Technical Skills:         

  • Thorough knowledge of network and security architecture design concepts
  • Knowledge of underlying platform(s); prior experience working with interdependent platforms; working knowledge of standards and impact of non-standard approaches
  • Technical knowledge of business processes and procedures and underlying technical workings of system to support it
  • Ability to maximize system to support business processes, recommend and influence business process change to maximize use of system

Competencies:

  • Superior communications skills, both verbal and written

Business Insight

Data & Cyber Security (DCS) is globally responsible for securing and steering Information Security and Cybersecurity related risks for the Global Banking and Investor Solutions (GBIS) division and related Service Units. DCS is composed of diverse and talented professionals who translate ideas into action daily by combining the strength of its expertise with a deep understanding of GBIS and Service Unit needs.

 

The Vulnerability & Threat Assessment (VTA) Specialist for SG provides technical knowledge and expertise in security vulnerability management, including responsibility over security analysis, and security application packages related to vulnerability management; managing and overseeing the security infrastructure to maintain adequate levels of protection (patch management and anti-virus); managing configurations; performing landscape discovery to determine unauthorized changes and maintaining the health of all infrastructure tools and appliances. The VTA Specialist works closely with information security policy makers to ensure compliance with security policies.


We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Job code: 200002DF
Business unit: SG CIB
Starting date: 23/03/2020
Date of publication: 31/01/2020
Share on

Vulnerability & Threat Assessment Specialist

Permanent contract   |   Jersey City   |   Security