Vulnerability Management Consultant - Tenable

For Those Who Work At Home, OH


Location:

For Those Who Work At Home - Various, Ohio 44145

The ideal candidate for this position has in-depth knowledge of security and technology, with strong understanding of risk management. The candidate must be able to make decisions based on prior experience in a large enterprise environment and their solid understanding of the technologies and risks involved.

Use skills, experience, and talent to help Key grow an effective vulnerability management program by analyzing, assessing, and proposing solutions for mitigating technical vulnerabilities.

Applicant will work alongside Vulnerability Management team members to ensure technical vulnerabilities across Key’s environment are appropriately identified, risk assessed, and reported out to technology teams for timely remediation. Applicant will also strategize with technology teams on proposed strategies and solutions for addressing more complex vulnerabilities.

Applicant must have a technical background across a wide range of security disciplines and solutions and must have excellent presentation, writing, communication, and customer interface skills.

Essential Job Functions

Abilities:                

  • Apply cybersecurity principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  • Proven capability in identifying/assessing potential exploits and mitigants, and assessing impact to diverse technology environments
  • Ability to communicate technical findings to an audience with diverse technical backgrounds
  • Ability to query and build dashboards in ServiceNow
  • Partner with the PCI (Payment Card Industry) team and Technology teams to ensure our PCI environments are remediating vulnerabilities 

Knowledge of:    

  • Computer networking concepts and protocols, and network security methodologies
  • In-depth knowledge of desktop and server operating systems (e.g., Windows, MacOS, Linux)
  • GCP, Azure or other cloud solutions
  • Cybersecurity and privacy principles
  • Specific operational impacts of cybersecurity lapses
  • System and application security threats and vulnerabilities
  • System administration, network, and operating system hardening techniques
  • How traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Information Technology Infrastructure Library [ITIL])
  • Cyber attack stages
  • ServiceNow experience (Vulnerability Management Module experience preferred)
  • Experience with Tenable or other vulnerability management scanning tool
  • Experience with Archer Governance, Risk and Compliance (GRC), specifically the Variance module
  • Understanding of PCI
  • Subject-matter-expert-level knowledge of both the business and technical aspects of security, including third party security risks
  • Strong broad-based technical background (distributed/mainframe, database, web based application development)
  • Conducting vulnerability scans and recognizing vulnerabilities
  • The use of social engineering techniques
  • Ethical hacking principles and techniques
  • High level of business acumen, preferably in a regulated/financial industry
  • Experience in a governance organization

Tasks:     

  • Conduct required reviews and prepare reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
  • Partner with technical partners to remediate all findings
  • Provide guidance to technology teams for vulnerability remediation
  • Present at various meetings with clients and upper management
  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Partner with the PCI team and Technology teams to ensure our PCI environments are remediating vulnerabilities
  • Manage vulnerability scans with Tenable tool
  • Maintain knowledge of current vulnerabilities within Key’s network
  • Stay current with the ServiceNow Vulnerability Module
  • Manage firewall reviews and firewall change approvals
  • Review documented exceptions for technologies out of compliance with bank standards to ensure exception receives appropriate risk rating

Required Qualifications

  • Bachelor’s degree or equivalent work experience
  • Professional security certification desired (CISSP, CISM, CISA, etc.)
  • Five to seven + years of security experience including technology-related auditing, consulting, and/or operational banking experience
  • Strong understanding of cyber security threats and knowledge of financial industry
  • Experience with vulnerability scanning and reporting tools
  • Proven ability to identify and implement process improvement opportunities
  • Results oriented, a team player, and self-starter with ability to work with general direction
  • Strong risk-based analysis and decision-making skills
  • Ability to understand and analyze complex business processes and technologies to make sound recommendations
  • Assists in the development of team metrics, analyzes data, and takes appropriate action
  • Project management experience
  • Ability to multitask and manage competing priorities
  • Process management, time management and organizational skills
  • Excellent interpersonal, customer service and relationship management skills
  • Excellent facilitation, negotiation and conflict management skills
  • Proven ability to effectively handle challenging clients and difficult political situations
  • Excellent written and verbal communication skills
  • Ability to create, document and implement new processes, procedures and best practices

COMPENSATION AND BENEFITS

This position is eligible to earn a base salary in the range of $67,000 to $101,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.

Job Posting Expiration Date: 06/21/2024

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.

 

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.


Category: Consulting Jobs

Tags: Application security Audits Azure Banking CISA CISM CISSP Cloud Compliance Ethical hacking Exploits Firewalls GCP Governance ITIL Linux MacOS Mainframe Network security Privacy Risk management Vulnerabilities Vulnerability management Vulnerability scans Windows

Perks/benefits: Career development

Region: Remote/Anywhere
