: Cybersecurity Vulnerability Risk Analyst
This position reports to the VP of SR. Staff Specialist Risk Assessment & Controls Testing
The purpose will be to work closely with multiple stakeholders within the Cybersecurity, Technology and Business Units to detect, analyze, and remediate vulnerabilities discovered within the M&T computing environment.
Implement, execute and monitor vulnerability scans using Qualys and Nessus vulnerability tools.
Report findings and state of banking environments, including but not limited to, vulnerability scanning, assessment, and remediation tracking within the Archer Vulnerability Risk Management module.
Further develop, implement and support Enterprise Vulnerability Risk Management program and related processes.
Communicate vulnerability findings to application owners and escalate to Senior Management as required.
Bachelor’s degree in computer information technology, computer engineering, or related degree, or equivalent experience of combined education and experience.
Minimum of four (4) years of hands-on experience with security tools such as scanners, monitoring and detection, malware protection, security analysis tools and compliance tools (both network and host based solutions).
Minimum of four (4) years’ technical experience in the security aspects of multiple computer platforms, operating systems, products, network protocols and system architecture or equivalent training and knowledge through education.
Knowledge, Skills, Abilities
Ability to build scan profiles within vulnerability scanning tools.
Skilled in developing vulnerability management processes and assessment methodology for effective cyber security assessments.
Skilled with configuration and developing processes, procedures and practices for enterprise vulnerability and compliance scanning systems.
Prior experience and ability to demonstrate configuring Qualys, Nessus, etc. scanning tools
Knowledge and understanding in functionality of Archer Governance, Risk Compliance (GRC).
Ideal Qualifications Preferred
Working knowledge of information security components, principles, practices, and procedures.
Skilled with device vulnerability security scanning and interpretation of results.
Experience in vulnerability management, including testing, scanning, and patching.
Basic knowledge and ability to navigate various computing operating systems.
Knowledge of the common types of vulnerabilities and attacks.
Strong verbal and written communication, organizational and interpersonal skills.
Demonstrated ability to clearly communicate information security technical issues & concepts using language and examples, to a wide audience of both technical and non-technical personnel (to include executives, auditors, end users, and engineers.)
Proficient in MS Office tools such as Word, Excel, and familiarity with SharePoint.
Must be a team player and willing to work in a rapidly changing and growing environment.
Ability to be flexible, proactive, and understand situations quickly.
Candidate must have the ability to work independently and as part of a team.
Willingness to share information and provide cross-training.
Excellent time management skills, and the ability to prioritize and multi-task.
Ability to work efficiently and independently with minimal supervision (i.e. self-motivated and willing to adapt to meet important deadlines).
Working knowledge of Archer (GRC) Vulnerability Risk Management module.
Collaborate on multiple projects at a given time.
Candidate has technical writing ability and can document Policies, Procedures and Processes.
Familiarity with regulatory and legal requirements (e.g., SOX, PCI).
Knowledge of security & risk frameworks, standards, and best practices (i.e. NIST, PCI, CIS).
Preferable certifications CISSP, CISM, CEH.
Financial or Bank industry experience desirable.
Program or project management experience is desirable, MS project.
: New York-Amherst-Commerce Drive
: Information Technology