WELLINGTON MANAGEMENT

Wellington Management offers comprehensive investment management capabilities that span nearly all segments of the global capital markets. Our investment solutions tailored to the unique return and risk objectives of institutional clients in more than 50 countries draw on a robust body of proprietary research and a collaborative culture that encourages independent thought and healthy debate. As a private partnership we believe our ownership structure fosters a long-term view that aligns our perspectives with those of our clients.

THE POSITION

TheAttack Surface Management team is seeking a Senior Security Engineer to be a key member of our team. There will be a heavy focus on building maturing and operationalizing a configuration baselines program spanning physical and virtual systems serverless workloads container security and other platforms. This engineer will assist in the minimization of potential attack surfaces through vulnerability management managing a baselines program cloud configuration assessments incorporating threat intelligence from public and private sources and work internally to build and enhance policies standards and processes. They will be working with various technologies that surface vulnerabilities misconfigurations end of life software and other vectors. The ideal candidate is one that has a passion for cyber-security a natural curiosity and is willing to think outside the box to challenge the status quo in Attack Surface Management.

RESPONSIBILITIES

• Develop and mature an internal security hardening and baselines program. This effort develops standards and process to ensure attack surface risk is reduced and configuration baseline is met both according to CIS Controls and cyber threats actively targeting the firm.

• Perform assessments and communicate to stakeholders on the likelihood of exploitation and potential impact of vulnerabilities misconfiguration findings and other potential vectors to determine the appropriate course of action to mitigate potential risk.

• Leverage Cloud Native Application Protection Platform (CNAPP) technology to assess findings and contribute guidance and expertise to application custodians on fixing issues.

• Act as a security liaison between Information Security and the Development staff to bring a security mindset to the software development lifecycle. Assess and understand the Wellington CI/CD pipeline to be able to provide recommendations to developers for securing their code.

• Stayupto date withcurrent andrelevant cyber security threatsas well as any associated countermeasures. Participate in internal meetings to map industry cyber threats to our current attack surface.

• Review of both internal and open-source threat intelligence sources for recently disclosed vulnerabilities at risk of introduction into the Wellington environment.

• Work with our Third-Party Risk team to engage third parties in Wellingtons vendor ecosystem to understand when third and fourth parties may be exposed to critical vulnerabilities.

• Contribute to team documentation for updates to existing processes new processes assessment tool infrastructure details and workflows.

• Contribute to firmwide documentation by being an SME contributor to policies and standards.

NON-TECHNICAL QUALIFICATIONS

• A Passion for cyber-security is a must.

• Ability to self-motivate with an eagerness to dig into potential risks. Ask questions be curious dig deeper.

• BS degreein Information Systems/related discipline or equivalent IT work experience

• Experience in developing new processes and procedures that match evolving attack surfaces.

• Excellent oral and written communication skills with a proven ability to effectively interact with teams representing a wide variety of technical disciplines.

• Ability to work with global teamseffectively.

• Ability to mentor junior team members and share discoveries about your work.

TECHNICAL QUALIFICATIONS

• Experience working with best practices frameworks such as CIS Critical Security Controls to drive an internal discovery and risk assessment program for a system baselines / hardening program.

• Knowledge of common cyber-attack types such as DDoS SQLi XSS and others. This experience relied upon to make rational decisions in our baselines program.

• Hands-on experience with vulnerability assessment software and prioritizing results using a combination of various frameworks tied to internal objects (CVE CVSS EPSS etc.).

• Previous experience assessing documenting and communicating information security risk particularly related to cyber vulnerabilities is preferred.

• Experience in the use of common scripting languages such as python to automate job functions.

• Working knowledge of IaC (Infrastructure as Code) concepts especially with AWS.

• Knowledge in the areas of network architecture and engineering and software application development

• Working knowledge of the use of threat intelligence feeds and resources

• Preferred: Experience working with Splunk Qualys WIZ Artifactory AWS Cloudformation

• Preferred: Working knowledge of Amazon AWS services

• Preferred: Home labs security practitioner meetups research we would love to hear it!

JOB TITLE

JOB FAMILY

LOCATION

Not sure you meet 100% of our qualifications Thats ok. If you believe that you could excel in this role we encourage you to apply and welcome a chance to review your background. We are dedicated to building and maintaining a diversified workforce and considering a broad array of candidates with a variety of skill workplace experiences and backgrounds.

As an equal opportunity employer Wellington Management considers all qualified applicants will receive consideration for employment without regard to race color sex sexual orientation gender identity gender expression religion creed national origin age ancestry disability (physical or mental) medical condition citizenship marital status pregnancy veteran or military status genetic information or any other characteristic protected by applicable law. If you are a candidate with a disability or are assisting a candidate with a disability and require an accommodation to apply for one of our jobs please email us at .