Vulnerability Management - Risk and Mitigations Analyst

About The Position

Requirements

• 3+ years of information security experience
• Ability to consider short term and long term implications of a recommended solution
• Ability to make difficult decisions in unique situations, present recommendations under pressure to senior leadership and to cross-functional teams that may have conflicting positions
• Knowledge and understanding of structuring complex data across varied data sources
• Strong organizational, task switching, and prioritizing skills
• Ability to work independently and solve challenging problems while collaborating with stakeholders
• Advanced communication skills, both orally and written, including at a senior executive level.
• Knowledge of IT architecture and operations (computing, network, storage & cloud)
• Ability to collaborate and influence within a geographically dispersed organisation.
• Proven expertise in vulnerability scanning tools, including interpreting scan results based on detection logic.
• Strong knowledge of patch management processes, covering prioritization and deployment strategies.
• An understanding of networking fundamentals, including TCP/IP, common network protocols, firewalls, subnetting, routing, and switching.
• Experience with Linux and Windows operating systems, including system hardening and troubleshooting.
• Comprehensive understanding of common vulnerabilities and mitigation techniques to ensure secure environments.

Nice To Haves

• Familiarity with cloud and AI platforms.
• Scripting skills are a plus for automation and process optimization.

Responsibilities

• Maintain situational awareness, collaborate, influence and lead initiatives across the enterprise
• Work closely with business units to understand people, process, and technology in order to build effective vulnerability management strategies
• Analyze vulnerability assessments and remediation plans
• Synchronize with Cyber Defense Center to monitor and research information sources to assess risk to the enterprise
• Update and maintain vulnerability management runbooks and playbooks
• Maintain operational effectiveness
• Update and communicate operational metric
• Researching vulnerability risk scenarios, including Common Vulnerabilities and Exposures (CVE), tactics, techniques and procedures (TTPs) and attack chains.

Benefits

• Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
• For a full overview, visit https://hrportal.ehr.com/statestreet/Home.