Cyber Security Engineer

---

Job description

THIS IS A FULL TIME ROLE - NO C2C

Location: Marlborough, MA

1-3 years of experience

SYSTEMS ENGINEER

INFORMATION SECURITY

Cybersecurity Engineer

OUR CLIENT

Tracing their roots to 1928, our client is one of the world's largest independent investment management firms. With over US$1.2 trillion in assets under management as of 30 June 2021, they serve as a trusted adviser to institutional clients and mutual fund sponsors in over 55 countries. Their innovative investment solutions are built on the strength of proprietary, independent research and span nearly all segments of the global capital markets, including equity, fixed income, multi-asset, and alternative strategies.

THE POSITION

As a Cybersecurity Engineer on the Threat and Vulnerability Management team, you'll be working with multiple teams across the company to assist in minimization of potential attack surfaces at the firm through aggressive vulnerability management and patching operations. You will work with IT and business partners to provide guidance on vulnerability management for both the on-premises and cloud-based assets. You will also play a key role in the delivery and reporting of critical metrics to application owners to facilitate remediation plans. The Threat and Vulnerability Management Team is looking for a flexible, motivated individual who is eager to make a big impact in this space.

DETAILED RESPONSIBILITIES INCLUDE:

• Review of both internal and open-source threat intelligence sources for recently disclosed vulnerabilities at risk of introduction into the firm's environment.

• Perform assessments of the likelihood of exploitation and potential impact of vulnerabilities to determine the appropriate course of action to mitigate potential risk

• Track weekly vulnerability scan metrics & collaborate with the appropriate teams to provide technical guidance with remediation or mitigation plans based on findings from assessment tools.

• Enhance team capabilities by assisting with the development and implementation of new tools and processes, such as a vulnerability analytics system.

• Contribute to team documentation for updates to existing processes, new processes, assessment tool infrastructure details and workflows.

• Assist users with the integration and onboarding of binary code analysis tools.

• Stay up to date with current and relevant cybersecurity threats as well as any associated countermeasures.

NON-TECHNICAL QUALIFICATIONS:

• BS degree in Information Systems/related discipline or equivalent IT work experience

• Strong analytical, decision-making, and investigative skills

• Ability to self-motivate, with an eagerness to dig into potential risks

• Ability to work with global teams effectively

· Excellent oral and written communication skills with a proven ability to effectively interact with teams representing a wide variety of technical disciplines.

• Ability to work in a team-oriented, fast-paced environment

• Aptitude to provide innovative solutions to problems

• Attentive to detail and self-disciplined

TECHNICAL QUALIFICATIONS

• A demonstrated interest in Cybersecurity and a desire to stay current with the changing threat landscape and evolving attack techniques.

• Previous experience assessing, documenting, and communicating information security risk, particularly related to cyber vulnerabilities is preferred

• Strong interest in public cloud/hybrid models, with previous experience preferable

• Foundational knowledge in the areas of network architecture and engineering and software application development

• Foundational knowledge of threat intelligence feeds and resources

• Working knowledge of vulnerability scanning software/hardware

• Preferred: Scripting experience

• Preferred: Working knowledge of Amazon AWS services

• Familiarity with Amazon Inspector is a plus