Position Name: Senior Cybersecurity Analyst
Process Name: Security Assurance
Shift Timings: 09:30 AM - 06:30 PMABOUT FACTSET
FactSet combines hundreds of databases into a single, powerful information system. It is a one-stop source for financial information and analytics for business analysts, portfolio managers, investment bankers / management firms and other financial professionals to analyze companies, portfolios, markets & economies. Founded in 1978 and operating from 64 locations worldwide employing nearly 10000 people, FactSet has over $1.1 Billion in annual revenues and is headquartered in Norwalk, Connecticut. Our operations extend within North America as well as Europe and the Pacific Rim. Since 1996, the Company has been publicly traded on the New York Stock Exchange under the symbol FDS, and is dual- listed on the NASDAQ under the same symbol -integrated financial and economic information to the investment management and banking industries.VALUES THAT DEFINE OUR CULTURE
We are unified by the spirit of going above and beyond for our clients and each other. We look to foster a globally inclusive culture, enabling our people to be themselves at work and to join in, be heard, contribute, and grow. We continually seek to expand our workforce with diverse perspectives, backgrounds, and experiences. We recognize that our best ideas can come from anyone, anywhere, at any time and help us provide the best solutions for our clients around the globe.
Our inclusive work environment maximizes our diversity values, engagement, productivity, and ultimately makes FactSet a fun place to work.This position will report directly to the Security Assurance and Vulnerability Management Manager.
- Identify potential risks, threats, vulnerabilities and exploits in systems and applications through vulnerability and compliance assessments, and penetration testing
- Define information security policies and standards that support OS Hardening and secure configurations
- Support the automation of security testing and more efficient discovery, tracking, and resolution of security vulnerabilities
- Support the writing and creation of vulnerability database queries and the presentation of vulnerability data in dashboarding technologies
- Educate employees on applying updates and configuration best practices
- 2 - 4 years of experience with scripting/query languages such as SQL and Python
- 2+ years of relevant Systems or Security Engineering
- Bachelors or Masters in Computer Science/Engineering/Security or related field
- Detail-oriented and quality-driven with excellent communication and inter-personal skills
- Strong understanding of network topology
- Experience with SQL and Linux
- A desire to work in a DevOps role
- Able to deliver quality results in a high-energy/high-pressure environment
- Ability to multi-task and manage demands of many projects, issues, and tasks
- Ability to perform duties with minimal supervision
- Experience in security testing for cloud services (AWS, Azure) is a plus
- Experience in vulnerability management is a plus
- Relevant industry training and/or certification is a plus: CSSLP, CISSP, CEH, GPEN, CCNP
Tools and Capabilities:
- MySQL, MSSQL, NoSQL, Postgres
- Perl, Python, Shell Script or PHP
- Cloud Platforms (AWS, Azure)
- TCP/IP, HTTP(S), XMPP and DNS
Professional Position Overview:The Senior Cybersecurity Analyst will be responsible for completing the following tasks:
The Senior Cybersecurity Analyst in this position will spend 60% of their time providing DevOps support to the vulnerability management team. In this role you are expected to:
- Develop, document, and implement process changes that lead to improved efficiency and depth of assessments.
- Demonstrated ability to conduct root cause analysis when identifying problems.
- Proactively monitoring the security, capacity and availability of an enterprise network.
- Assessing security controls in accordance to security standards, frameworks, laws and policies.
- Ability to interpret policies, procedures, standards, guidelines, and regulations to include National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA).
- Collect, track, and manage security artifacts and documentation.
- Enhancing and maintaining existing scripts and managing the process of asset tracking and scanning in a localized database
- Building out new capabilities related to asset management and tracking
- Reporting, including but not limited to:
- Draft, track and update technical reports
- Creation and maintenance of reporting dashboards to assist teams and leadership
- Organize, analyze and develop detailed asset state and vulnerability reports
The Senior Cybersecurity Analyst in this position will spend 30% of their time providing development and maintenance support of an internal, enhanced vulnerability database. In this role you are expected to:
- Create automation scripts using the vulnerability management platform
- Architect scalable data analysis for assisting and influence engineers with remediation recommendations
- Create compelling and scalable reporting using the vulnerability information from the vulnerability management platform
- Create impactful tools for efficient triaging and resolving tickets
- Analyze the vulnerability findings along with asset information to create impactful decisions and reporting for senior leadership.
The Cybersecurity Engineer in this position will spend 10% of their time focused on process improvement initiatives. In this role you are expected to:
- Conduct vulnerability scans at the network, operating system, database, and application levels on both internal and external systems within FactSet's enterprise
- Generate reports so system owners know what and how to mitigate findings
- Create tickets to report (notify) and track mitigation
- Create exclusions in the vulnerability scanner
- Resolve tickets after findings have been mitigated
- Assist engineers with remediation recommendations needed to resolve identified vulnerabilities
- Assist in the implementation of security tools to security and development environments
- Identify situations where our program is not functioning as expected, EX: failed credentials
- Improve the report process through various means like data exportation or via dashboards
- Assist with the creation and maintenance of internal tools/scripts for security
- Facilitate educational opportunities for patching and configuration practices
- Continuously consider ways to improve the vulnerability management program and our processes
- Look for ways to streamline or improve the jobs of other teams at FactSet