Job Description:
The mission of the Vulnerability Detection and Analysis Team is to protect Fidelity's assets and our customers' livelihoods from the threat of exploitation by malicious adversaries. The Vulnerability Detection and Analysis Team does this by proactively monitoring emerging publicly disclosed vulnerabilities and rapidly researching and analyzing them to determine their impact to Fidelity. The team serves as subject matter experts to enable the business units to mitigate applicable issues in a positive, collaborative, innovative manner. The role requires collaboration with teams such as Cyber Threat Intelligence, Penetration Testing, Red Team, the Security Operations Centre, and Vulnerability Remediation, as well as key stakeholders across the enterprise.
Our Vision
- We aspire to be a best-in-class vulnerability analysis team, with fully engaged, passionate members.
- Producing high-quality work in a consistent, effective, efficient, customer-oriented manner.
- Providing competitive advantage to the firm and serving as a differentiator in the marketplace.
- Serving as a role model for others across the Enterprise and wider industry.
- Driving advancement and research in the cybersecurity space.
The Expertise You Have and The Skills You Bring
- 5+ years of IT experience, 4+ years in a hands-on cybersecurity role
- Preferred: Experience with vulnerability management tools such as Burp Suite, Qualys, Nessus, Wiz or equivalent
- Preferred: Experience in web or network-based penetration testing
- Preferred: Hands-on cybersecurity certification such as those from eLearnSecurity and Offensive Security
- Ability to manage a dynamic workload, shifting priorities based on risk and as business needs evolve
- Ability to demonstrate manual testing experience including all of OWASP Top 10
- Advanced knowledge of security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption
- Technical knowledge of and the ability to recognize various types of application and infrastructure security vulnerabilities
- Monitor for and research emerging vulnerabilities to understand the requirements for exploitation and impact
- Replicate the actual techniques and tools used by malicious attackers to model potential external threats.
- Intermediate knowledge of a programming or scripting language such as C, C#, Python, Objective C, Java, JavaScript, SQL
- Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues
- Excellent social skills with a strong interest in the application security domain
- Superb communication and presentation skills and a demonstrable ability to communicate threats and facilitate progress towards long-term remediation
- Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work alone or as part of a team.
Category: Information Technology
Fidelity's hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.
Please be advised that Fidelity's business is governed by the provisions of the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the Investment Company Act of 1940, ERISA, numerous state laws governing securities, investment and retirement-related financial activities and the rules and regulations of numerous self-regulatory organizations, including FINRA, among others. Those laws and regulations may restrict Fidelity from hiring and/or associating with individuals with certain Criminal Histories.