Who we are looking for
State Street seeks to recruit a Senior Analyst Vice President to support the Fusion and Security Operations Advanced Threat Operational Reporting and Remediation Analysis Program. This is a very technical role in which the employee will analyze red team, pen testing, and other Advanced Threat related findings and perform immediate risk reduction actions, root cause analysis, and risk and controls reporting to the respective risk committees and the Head of Fusion and Security Operations.
What you will be responsible for
As a Senior Analyst VP, you will assess the risk of Advanced Threat findings, identify areas for immediate risk reduction, produce risk-based reporting, and validate remediation activities of Advanced Threat findings. You will help translate the findings into business impact and risk and identify opportunities to immediately reduce the risks identified. In addition, you will contribute to Risk Committee reporting for the Advanced Threat and Fusion & Security Operations portfolio, contribute to other assurance activity such as reporting and measurement of control effectiveness, and reporting for Key Performance Indicators / Key Risk Indicators. Key responsibilities include:
1. Trace the attack path of a penetration test and analyze the exploited vulnerabilities to understand the key exploitation points along the kill chain
2. Conduct root cause analysis to determine technical, procedural, and behavioral gaps or vulnerabilities uncovered during testing
3. Discern between the highest risk vulnerabilities identified during testing and articulate the impact to the underlying system or infrastructure
4. Identify the most critical remediation activities system owners or business process owners can take to disrupt the kill chain used in penetration tests
5. Document results of the analysis in the team’s workflow tool
6. Identify key stakeholders for remediation and assign findings accordingly
Reports to: MD, Head of Fusion Advanced Threat Operational Reporting and Remediation
What we value
These skills will help you succeed in this role
7. 5 or more years in a security engineering role, vulnerability assessment/management role, or penetration testing role
8. Ability to communicate technical topics surrounding vulnerabilities to a broad audience with varying technical proficiencies and at varying levels of management
9. Excellent interpersonal and communication skills (written and verbal)
10. Excellent problem-solving abilities and organizational/time management skills.
11. Strong attention to detail and willingness to "roll up sleeves"
12. Ability to work independently as well as collaboratively across silos
13. Intellectually curious and willing to invest time in researching areas outside current knowledge base/skill set
Education & Preferred Qualifications
14. Bachelor’s degree with 5 years relevant experience
15. Expertise in network security architecture and application security
16. Understanding of threat actor tactics, techniques, and procedures
Additional requirements
17. Previous experience in banking industry a plus
18. Previous experience with producing evidence in support of regulatory inquiries a plus