Cyber Security Analyst II - Vulnerability Management

As a Vulnerability Management Analyst, you will be a key part of a high performing SOC team, with a desire to continually improve andadvance our capabilities to protect SMBC Group. You will bring your passion for Cybersecurity to a team of dedicated professionals andleverage this passion to ensure our vulnerability remediation activities are effective and efficient and that we keep pace with a rapidlychanging threat landscape. You will help protect the Bank's networks, applications, and infrastructure by working with IT owners toidentify and mitigate risks that may be targeted by threat groups.

The Vulnerability Management team is responsible for working with relevant stakeholders to identify, analyze, mitigate, and report onvulnerabilities. The goal is to take a proactive and risk-based approach to identifying and addressing gaps within SMBC to protect theBank's network and data from a cyber-attack and in turn, protect its reputation and the trust of customers.

In this role, you will be responsible for configuring scans, researching the latest threats, conducting risk assessments, coordinatingremediation of identified risks, and reporting on compliance levels and opportunities for improvement across the enterprise. Due to therapidly growing technological footprint and threat landscape, this role requires a quick learner that is proactive, diligent, and organized.
The role will require interaction with various teams to effectively communicate and address risk and promote the use of securetechnologies in line with security standards.
The role offers the opportunity for a security professional to work in a challenging and complex enterprise environment, using leadingedge tools and technologies.

* Triage vulnerability alerts from security tools, external intelligence providers, penetration tests, and user-reported findings toassess impact to the organization
* Configure network, infrastructure, and/or application vulnerability scans and policy checks and conduct manual testing asneeded to validate findings
* Liaise with various business units to conduct vulnerability assessments, consult on risk reduction strategies, and superviseremediation such that vulnerabilities are addressed within required timelines
* Conduct attack surface risk modeling and articulate high-risk areas to stakeholders in collaboration with Threat Intelligence andThreat Hunting functions
* Assist in production of periodic vulnerability management reports and statistics for management
* Tune vulnerability management tools to increase coverage, reduce false positives and false negatives, and improve processes
* Liaise with Optimization team to set up detections and mitigations i.e., Intrusion Prevention Systems, ensuring we havesignatures in place to protect us from relevant threats.
* Support culture of continuous improvement by proactively investigating new risks and opportunities to strengthen Bank'ssecurity posture

* 2+ years of security, IT, compliance, audit, risk management, consulting, or application development experience
* Bachelor of Information Technology, Computer Science, or similar preferable
* Strong understanding of MITRE ATT&CK framework
* In-depth knowledge of network and web-based attacks
* Diligent, proactive, and strong attention to detail
* Ability to work with large datasets, multi-task, and effectively prioritize tasks
* Strong critical analysis and problem-solving abilities
* Strong interpersonal and communication skills (written and verbal)
* Ability to multi-task and remain productive in a service-driven and results oriented environment.
* Demonstrated strong organizational, analytical, and problem-solving skills.
* Ability to script tasks and automate processes is a plus
* Working knowledge of cloud technologies and containerized environments is a plus