Senior Analyst, Vulnerability Management at First Bank

Job Identification: 107

Job Objective(s)

• To identify security loopholes and vulnerabilities within the banks information systems.The Vulnerability Senior Analyst will provide input to the Enterprise Vulnerability Management (EVM) strategic direction and to have a focused leadership role on one or more EVM tools.
• This role is responsible for implementing and managing enterprise vulnerability tools and processes to reduce technical risks due to vulnerabilities. This includes identifying and evaluating vulnerabilities and remediation activities for the Bank and entire subsidaries IT asserts.

Duties & Responsibilities

• Conduct regular reviews of Banks network using manual/automated means to ensure that configurations meet best security practices.
• Coordinate and Provide input to the development and implementation of Enterprise Vulnerability Management strategy and processes. This includes penetration testing strategy.
• Ownership of critical EVM vulnerability scanning applications such as tools to scan/evaluate cloud and container infrastructures; infrastructure, operational technology and other devices on the network.
• Interpretation, prioritization, and communication of scanning results to key business partners
• Execution of emergency (e.g. zero day) vulnerability management process including research, coordination of response, and escalation/communication to senior leadership
• Primary IT and Business contact for vulnerability related questions, concerns, and support
• Drive situational awareness to all staff and other stakeholders based on risk identification
• Conduct payment card data discovery scans to ensure security of Card Holder data
• Conduct internal and external Penetration tests on the Bank’s information systems and make recommendations to critical findings
• Engage with vendors and third parties on the identification and remediation of vulnerabilities
• review the security of critical systems (e.g., e-mail servers, Active Directory, applications databases etc.) and changes to sensitive security controls to ensure appropriate security balance and strength across the Bank.
• Provide insight on Security defense and hardening practices
• Research and keep up-to-date with hacking/defense techniques, exploits and countermeasures
• Analyze and evaluate vulnerabilities for exploitability and relevance.
• Engage with stakeholders on timelines for closure of vulnerabilities and advise on appropriateness
• Comply with the principles and policies in the information security hand book

Job Requirements
Education:

• Minimum Education: First Degree in Computer Science/Engineering, Higher Degrees/Professional Certificates

Experience:

• Minimum experience – Working knowledge of PCI DSS
• Working knowledge of ISO 27001
• Knowledge of the Security tools such as Qualys, Burp Suite, etc
• Good Knowledge of Penetration testing tools.
• Good knowledge of MS Windows and Linux
• Good understanding of Best Practices Security architecture.
• Working knowledge of penetration testing.
• Good knowledge of network protocols including UDP/TCP/IP
• Professional level knowledge of Access control lists, NAT, routing and switching
• Ability to review rule sets for firewalls
• Good knowledge of firewalls, IDS and IPS
• Good knowledge of network/application security and encryption models