Vulnerability Management Consultant - Tenable
For Those Who Work At Home, OH
Location: For Those Who Work At Home - Various, Ohio 44145
The ideal candidate for this position has in-depth knowledge of security and technology, with a strong understanding of risk management. The candidate must be able to make decisions based on prior experience in a large enterprise environment and their solid understanding of the technologies and risks involved.
Use skills, experience, and talent to help Key grow an effective vulnerability management program by analyzing, assessing, and proposing solutions for mitigating technical vulnerabilities.
Applicant will work alongside Vulnerability Management team members to ensure technical vulnerabilities across Key’s environment are appropriately identified, risk assessed, and reported out to technology teams for timely remediation. Applicant will also strategize with technology teams on proposed strategies and solutions for addressing more complex vulnerabilities.
Applicant must have a technical background across a wide range of security disciplines and solutions and must have excellent presentation, writing, communication, and customer interface skills.
Essential Job Functions
Abilities:
- Apply cybersecurity principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Proven capability in identifying/assessing potential exploits and mitigants, and assessing impact to diverse technology environments
- Ability to communicate technical findings to an audience with diverse technical backgrounds
- Ability to query and build dashboards in ServiceNow
- Partner with the PCI (Payment Card Industry) team and Technology teams to ensure our PCI environments are remediating vulnerabilities
Knowledge of:
- Computer networking concepts and protocols, and network security methodologies
- In-depth knowledge of desktop and server operating systems (e.g., Windows, MacOS, Linux)
- GCP, Azure or other cloud solutions
- Cybersecurity and privacy principles
- Specific operational impacts of cybersecurity lapses
- System and application security threats and vulnerabilities
- System administration, network, and operating system hardening techniques
- How traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Information Technology Infrastructure Library [ITIL])
- Cyber attack stages
- ServiceNow experience (Vulnerability Management Module experience preferred)
- Experience with Tenable or another vulnerability management scanning tool
- Experience with Archer Governance, Risk and Compliance (GRC), specifically the Variance module
- Understanding of PCI
- Subject matter expert level knowledge of both the business and technical aspects of security, including third-party security risks
- Strong broad-based technical background (distributed/mainframe, database, web based application development)
- Conducting vulnerability scans and recognizing vulnerabilities
- The use of social engineering techniques
- Ethical hacking principles and techniques
- High level of business acumen, preferably in a regulated/financial industry
- Experience in a governance organization
Tasks:
- Conduct required reviews and prepare reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
- Partner with technical partners to remediate all findings
- Provide guidance to technology teams for vulnerability remediation
- Present at various meetings with clients and upper management
- Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Partner with the PCI team and Technology teams to ensure our PCI environments are remediating vulnerabilities
- Manage vulnerability scans with the Tenable tool
- Maintain knowledge of current vulnerabilities within Key’s network
- Stay current with the ServiceNow Vulnerability Module
- Manage firewall reviews and firewall change approvals
- Review documented exceptions for technologies out of compliance with bank standards to ensure each exception receives an appropriate risk rating
Required Qualifications
- Bachelor’s degree or equivalent work experience
- Professional security certification desired (CISSP, CISM, CISA, etc.)
- Five to seven + years of security experience including technology-related auditing, consulting, and/or operational banking experience
- Strong understanding of cyber security threats and knowledge of financial industry
- Experience with vulnerability scanning and reporting tools
- Proven ability to identify and implement process improvement opportunities
- Results oriented, a team player, and self-starter with ability to work with general direction
- Strong risk-based analysis and decision-making skills
- Ability to understand and analyze complex business processes and technologies to make sound recommendations
- Assists in the development of team metrics, analyzes data, and takes appropriate action
- Project management experience
- Ability to multitask and manage competing priorities
- Process management, time management and organizational skills
- Excellent interpersonal, customer service and relationship management skills
- Excellent facilitation, negotiation and conflict management skills
- Proven ability to effectively handle challenging clients and difficult political situations
- Excellent written and verbal communication skills
- Ability to create, document and implement new processes, procedures and best practices
COMPENSATION AND BENEFITS
This position is eligible to earn a base salary in the range of $67,000 to $101,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.
Please click here for a list of benefits for which this position is eligible.
Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.
Job Posting Expiration Date: 06/21/2024
KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.
Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.
Tags: Application security Audits Azure Banking CISA CISM CISSP Cloud Compliance Ethical hacking Exploits Firewalls GCP Governance ITIL Linux MacOS Mainframe Network security Privacy Risk management Vulnerabilities Vulnerability management Vulnerability scans Windows
Perks/benefits: Career development