Security Engineer/Vulnerability Management
Security Engineer/Vulnerability Management
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Title: Security Engineer/Vulnerability Management
Location: Hybrid/NYC or Troy MI
We are seeking an experienced IT Security Engineer with a strong understanding of vulnerability management risk assessment and security best practices within the banking sector. The ideal candidate will have hands-on experience in identifying analyzing and remediating vulnerabilities in critical banking systems and applications. The role demands proficiency in security tools methodologies and regulatory compliance standards. The Security Engineer will work closely with internal teams to ensure the bank s infrastructure applications and services remain secure against evolving threats.
Key Responsibilities:
- Vulnerability Management & Remediation:
- Identify assess and prioritize security vulnerabilities in banking applications network infrastructure and IT systems.
- Work with development and infrastructure teams to remediate vulnerabilities and weaknesses in a timely manner minimizing security risks.
- Develop and implement vulnerability management programs including regular vulnerability scans and patching processes.
- Maintain and manage tools such as Nessus Qualys or similar vulnerability management platforms to ensure the detection of security flaws.
- Security Monitoring & Incident Response:
- Monitor and analyze security logs alerts and events to identify potential security incidents leveraging SIEM tools (e.g. Splunk ArcSight QRadar).
- Investigate respond to and escalate security incidents as necessary ensuring timely resolution and documentation of incidents.
- Collaborate with the Incident Response team to support forensic investigations and mitigate ongoing security threats.
- Banking & Financial Security Standards:
- Ensure the implementation and maintenance of security controls in alignment with banking regulations including GLBA PCI-DSS and other financial industry security standards.
- Apply security frameworks and best practices in compliance with industry standards like NIST ISO 27001 and SOC 2.
- Stay up to date with regulatory changes evolving cyber threats and industry trends to ensure the organizations security posture remains compliant.
- Penetration Testing & Security Assessments:
- Conduct or coordinate regular penetration tests and security assessments to proactively identify vulnerabilities in the banks applications networks and systems.
- Provide recommendations for enhancing security architecture and application defense mechanisms based on test findings.
- Assist in vulnerability risk assessments to determine the severity and impact of potential threats on banking systems.
- Security Tools & Automation:
- Deploy configure and maintain security tools for vulnerability scanning penetration testing and threat intelligence.
- Develop and automate security monitoring processes using tools like Ansible Puppet or PowerShell.
- Assist in implementing security automation and orchestration for quicker identification and mitigation of vulnerabilities.
- Collaboration & Documentation:
- Work with IT development and operations teams to integrate security practices within DevOps pipelines and the SDLC (Software Development Life Cycle).
- Create and maintain security documentation including vulnerability reports risk assessments security guidelines and incident reports.
- Provide security training and awareness sessions for employees focusing on threat prevention and safe security practices.
- Security Architecture & Risk Assessment:
- Review and provide recommendations on network architecture cloud security and security infrastructure.
- Collaborate with senior security architects to build and refine the bank s security architecture with a particular focus on reducing risk exposure and improving overall system defenses.
- Identify risks gaps and weaknesses in the organization s security posture and recommend appropriate security controls to mitigate them.
Qualifications:
- Bachelor s degree in Computer Science Information Security Information Technology or a related field.
- 10 years of hands-on experience in IT security vulnerability management and penetration testing particularly within the banking or financial services industry.
- In-depth understanding of common security vulnerabilities (e.g. SQL injection cross-site scripting buffer overflow etc.) and methods to mitigate them.
- Experience with vulnerability scanning tools such as Nessus Qualys or OpenVAS.
- Familiarity with security frameworks such as NIST ISO 27001 PCI-DSS and SOC 2.
- Strong understanding of network security including firewalls IDS/IPS VPNs and encryption protocols.
- Experience working with SIEM tools (e.g. Splunk QRadar ArcSight) to monitor detect and respond to security incidents.
- Knowledge of secure coding practices and experience working with developers to mitigate vulnerabilities in software.
- Familiarity with penetration testing tools like Metasploit Burp Suite and Kali Linux.
- Experience with cloud security in platforms like AWS Azure or Google Cloud.
- Solid understanding of incident response including forensic analysis and security breach containment.
- Excellent communication skills with the ability to write clear concise documentation and present complex security findings to technical and non-technical audiences.
- Certifications (preferred but not required):
- CISSP (Certified Information Systems Security Professional)
- CEH (Certified Ethical Hacker)
- CompTIA Security
- CISA (Certified Information Systems Auditor)
Preferred Qualifications:
- Experience in banking environments with a focus on regulatory compliance and financial security standards.
- Familiarity with DevSecOps practices and security integration in the SDLC.
- Experience with security automation and orchestration tools (e.g. Ansible Puppet Chef).
- Knowledge of risk management frameworks and tools such as RiskWatch or RiskMatrix.
Employment Type
Full Time
