Information Security Analyst, Sr

Salary depends on experience
Posted on 07/05/17
5 - 7 years experience
Financial Services
Salary depends on experience
Posted on 07/05/17

Role Description:  Senior Information Security Engineer for the PCI Service Delivery team will focus on classifying, prioritizing, validating and assigning patching and remediation work required to meet regulatory, industry  and/or contractual compliance guidelines which include PCI, GLBA, FFIEC, SSAE16 and Corporate Policy and Procedures. This data triage work includes the in depth analysis and validation security testing of vulnerability scan data and working with multiple technical teams within Fiserv toresolve identified risk items through re-configuration, vendor patches, security updates or mitigating controls.  A person in this role will require a well-rounded technology background as they will be investigating and resolving risk items with network devices (proxies, load balancers), operating systems (Windows, Linux), Active Directory group policy management, VMWare ESX management and patching and other platforms as needed (Databases, midrange/mainframe, AIX, Solaris).  Provide custom vulnerability scanning and analysis and segmentation testing to be done prior to our Qualified Security Assessor Company coming onsite for their annual PCI assessment penetration testing. 

A Senior Information Security Engineer is also expected to:

Provide guidance and direction to staff on technical issues/concerns Assist in 3rd party penetration testing and remediation to ensure timely resolution of gaps/findings. Define alternate solutions, mitigations or workarounds for technical findings for internal and external penetration testing. Perform limited manual vulnerability analyst testing and/or validation of vulnerabilities. Provide technical vulnerability expertise and support for Fiserv platform teams. Participate in regular vulnerability analysis meetings and produce ongoing reports of progress. Validate Exceptions Request and assist in determining False Positives defined by business unit SME’s. Assist in developing and testing out new solutions to effectively track and remediate vulnerabilities. Provide six month segmentation testing for over 50 Fiserv business units. Provide guidance and direction to the team in participation of all Fiserv Internal and External penetration testing.  Technical Testing and Validation of ETG Service offerings.

Required Qualifications:

Education

  • BS in Computer Science, Information Technology, Information Assurance or equivalent required

Certifications:

  • CISM and/or CISSP, OSCP,CEH, GPEN, GSEC, Security+

Job Related Experience:

  • At least 4 years if systems and network security experience
  • At least 2 years of application/device security experience
  • Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography
  • Experience with application of threat modeling and other risk identification techniques
  • Detailed knowledge of risk assessments, threat modeling and fixing vulnerabilities
  • Detailed knowledge of the TCP/IP stack and its related protocols; TCP/IP, UDP, IPSEC, HTTP/HTTPS, routing protocols
  • Excellent written and verbal communications skills
  • Results oriented, self-motivated
  • Ability to support an extensive client base in varied geographical locations

Travel Required:

Willing to travel up to 25% as needed

Job ID 4953401

Not the right job?
Join Ladders to find it.
With a free Ladders account, you can find the best jobs for you and be found by over 20,0000 recruiters.