Threat and Vulnerability Management Engineer
Posted on Aug 5, 2019 by First Republic
Incredible teams doing exceptional work, every day
Information Security supports the business' objectives by implementing state of the art cybersecurity technologies and practices so that we are well-prepared to protect Company's systems and data from cyber-attacks and other unplanned disruptions.
Common goals, uncommon potential
The Threat and Vulnerability Security Engineer provides security oversight to First Republic Bank's computing environment.
Oversight is achieved by monitoring and investigating potential security vulnerabilities and threats as reported by FRB's security tools; performing security data analytics; identifying and addressing potential data loss channels; and staying apprised of potential security challenges through the gathering and processing of cyber intelligence.
The position will work closely with other Network Security Engineers and Information Services personnel to ensure appropriate controls are in place, and to ensure that security policies are being effectively employed.
What you'll do as a Threat and Vulnerability Management Engineer:
* Information Security Threat and Vulnerability Management
* Responsible for configuring vulnerability assessment tools, as well as performing scans, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
* Analyze penetration test results and engage with technology partners and business units in order to resolve identified vulnerabilities within SLAs.
* Approaches for addressing vulnerabilities include system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes.
* Identify and resolve any false positive findings in assessment results.
* Information Security Threat and Vulnerability
* Reporting Produce metrics and reporting on the state of system security, threat, vulnerability and patch management.
* Design and deliver actionable Information Security dashboards and scorecards.
* Analyze data sources and recommend optimal data sources to provide relevant reporting.
* Provide IT Governance metrics and reporting
* Oversee Remediation Activities:
* Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
* Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions.
* Validate remediation by reviewing application updates or deployed mitigations to verify resolution.
You could be a great fit if you have:
* BS in Computer Science or equivalent
* Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. CISA, CISSP, GCIH).
* Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security).
* Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network based scanners).
* Experience with vulnerability scanners, vulnerability management systems, patch management, and host based security systems. Host Based Security Systems, patch management.
* Beneficial if experienced in Database Activity Monitoring Systems (DAM), and Web Application Firewalls (WAF).
* Ability to provide quality deliverables on time and on budget.
* Must be able to review and analyze data reports and manuals; must be computer proficient.
* Must be able to communicate effectively via telephone and in person.
Own your work and your career - apply now
Are you willing to go the extra mile because you love what you do and how you can contribute as a team? Do you want the freedom to grow and the opportunity to take charge of your own career? If so, then come join us.
We want hard working team players. You'll have the independence to learn, lead and drive change. A culture of extraordinary service, empowerment and stability - that's the First Republic way.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records, to the extent consistent with applicable federal and/or state law.