This candidate will join the Commercial Vulnerability Management team as an Operations analyst. The team is primarily responsibile for timely analysis of CVEs relevant to technology products in use by the Firm. Candidate needs to be proficient with CVSS scoring and have experience accounting for the existence of compensating controls to re-factor scores. Candidate needs to be comfortable escalating vulnerabilities to the Firm CISO and Technology & Operations Risk management and initiating requests for immediate action and triage of critical severity items. Analyst will be responsible for a segment of products associated with a particular silo of the technology organization and therefore needs to form effective working relationships with technology owners in order to influence remediation priorities. Performance of daily functions will require the ability to derive information from various related Splunk views and indexes.

Desired Characteristics / Skills

- 4-6 years of technology experience with 2 or more years in a technology risk function, security vulnerability or patch management preferred

- Experience with vulnerability scanning tools

- Understanding of application, network and operating system security and cyber exploit techniques commonly used against each

- Understanding of technology components, interaction between layers and services for applications and infrastructure in an enterprise environment

- Experience CVSS scoring of vulnerabilities in an enterprise IT environment

- Experience with an enterprise reporting platform (Splunk preferred)

- Strong organizational, communication, and professional skills

- Hands on OS operations, development, or penetration testing experience a plus