FactSet combines hundreds of databases into a single, powerful information system. It is a one-stop source for financial information and analytics for business analysts, portfolio managers, investment bankers / management firms and other financial professionals to analyze companies, portfolios, markets & economies. Founded in 1978 and operating from 64 locations worldwide employing nearly 10000 people, FactSet has over $1.1 Billion in annual revenues and is headquartered in Norwalk, Connecticut. Our operations extend within North America as well as Europe and the Pacific Rim. Since 1996, the Company has been publicly traded on the New York Stock Exchange under the symbol FDS, and is dual- listed on the NASDAQ under the same symbol -integrated financial and economic information to the investment management and banking industries.
VALUES THAT DEFINE OUR CULTURE
We are unified by the spirit of going above and beyond for our clients and each other. We look to foster a globally inclusive culture, enabling our people to be themselves at work and to join in, be heard, contribute, and grow. We continually seek to expand our workforce with diverse perspectives, backgrounds, and experiences. We recognize that our best ideas can come from anyone, anywhere, at any time and help us provide the best solutions for our clients around the globe.
Our inclusive work environment maximizes our diversity values, engagement, productivity, and ultimately makes FactSet a fun place to work.
FactSet is currently seeking a Cybersecurity Advisor, experienced in vulnerability management, development and remediation, to join the global Security team.The ideal candidate will have a background in vulnerability management, penetration testing and most importantly system remediation.You will coordinate activities with talented individuals in Network Engineering, Systems Engineering, Client Services, and of the Security Team to drive holistic change within FactSet focused on remediation. Duties involve prolonged direct communication with internal clients and stakeholders, thus a highly organized individual with project management skills, tenacity, good communication, and interpersonal skills are a must.
This position will report directly to the Vulnerability Management Manager.
Focused on managing remediation efforts of potential risks, threats, vulnerabilities and exploits in systems and applications
Support the creation of applicable remediation strategies
Support the automation of security testing and more efficient discovery, tracking, and resolution of security vulnerabilities
Support the writing and creation of vulnerability database queries and the presentation of vulnerability data in dashboarding technologies
Educate employees on applying updates and configuration best practices
4+ years of relevant Security Engineering/Analysis with a focus on Vulnerability Management, Penetration Testing or Security Assurance
Bachelors or Masters in Computer Science/Engineering/Security or related field
Detail-oriented and quality-driven with excellent communication and inter-personal skills
Extensive experience in systems administration and system hardening
Experience with Systems Management Software Products for Windows and Linux
Knowledge of common operating system and software vulnerabilities, such as the Bluekeep, Spectre, WannaCry, Heartbleed, etc.
Strong understanding of network topology
Experience in security testing for cloud services (AWS, Azure) is a plus
Experience with Data Visualization tools is a plus
Experience with scripting/query languages such as SQL and Python is a plus
Understanding of vulnerability scanning tools Nexpose or Nessus
Relevant industry training and/or certification is a plus: CSSLP, CISSP, CEH, GPEN, CCNP
Able to deliver quality results in a high-energy/high-pressure environment
Ability to multi-task and manage demands of many projects, issues, and tasks
Ability to perform duties with minimal supervision
Tools and Capabilities:
Nexpose, Nessus, nmap, Metasploit
WSUS, SCCM, ksplice, yum
MySQL, MSSQL, NoSQL
Perl, Python, Shell Script or PHP
Cloud Platforms (AWS, Azure)
Professional Position Overview:
The Cybersecurity Advisor will be responsible for completing the following tasks:
Analyze and prioritize risk assessments and security testing as part of the Risk Management Framework (RMF) Assessment and Authorization (A&A) Process.
Develop, document, and implement process changes that lead to improved efficiency and depth of assessments.
Demonstrated ability to conduct root cause analysis when identifying problems.
Proactively monitoring the security, capacity and availability of an enterprise network.
Assessing security controls in accordance to security standards, frameworks, laws and policies.
Ability to interpret policies, procedures, standards, guidelines, and regulations to include National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA).
Collect, track, and manage security artifacts and documentation.
Reporting, including but not limited to:
Draft, track and update technical reports
Creation and maintenance of reporting dashboards to assist teams and leadership
Organize, analyze and develop detailed asset state and vulnerability reports
The Cybersecurity Advisor in this position will spend 50% of their time providing vulnerability tracking and reporting.In this role you are expected to:
Analyzing vulnerability scans at the network, operating system, database, and application levels on both internal and external systems within FactSet's enterprise
Coordinating with the applicable infrastructure teams to ensure remediation activities are tested, planned and implemented efficiently
Generate reports so system owners know what and how to mitigate findings
Create tickets to report (notify) and track mitigation
Identify and prove false positive findings document and create exclusions in the vulnerability scanner
Resolve tickets after findings have been mitigated
Assist engineers with remediation recommendations needed to resolve identified vulnerabilities
Assist in the implementation of security tools to security and development environments
The Cybersecurity Advisor in this position will spend 40% of their time providing development and maintenance support of an internal, enhanced vulnerability database.In this role you are expected to:
Architect scalable data analysis for assisting and influence engineers with remediation recommendations
Design compelling and scalable reporting using the vulnerability information from the vulnerability management platform
Design impactful tools for efficient triaging and resolving tickets
Analyze the vulnerability findings along with asset information to create impactful decisions and reporting for senior leadership.
The Cybersecurity Advisor in this position will spend 10% of their time focused on process improvement initiatives.In this role you are expected to:
Identify situations where our program is not functioning as expected, EX: failed credentials
Collaborate with team members to create/improve automation scripts using the vulnerability management platform
Improve the report process through various means like data exportation or via dashboards
Assist with the creation and maintenance of internal tools/scripts for security
Facilitate educational opportunities for patching and configuration practices
Continuously consider ways to improve the vulnerability management program and our processes
Look for ways to streamline or improve the jobs of other teams at FactSet