Sr.Analyst I-VAPT

Job Purpose (Job Summary): 

This role will perform vulnerability assessments against risk-prioritized infrastructure and applications. This position will serve as a security subject matter expert working with technology, and business partners in managing vulnerabilities and implementing adequate security controls to protect Invesco data and network.

Key Responsibilities / Duties:

• Perform vulnerability assessment on various types of technologies and infrastructure using tools (preferably Qualys). This may include:
• Network infrastructure and wireless networks
• Servers, platforms, containers, hosting infrastructure and services
• Application technologies (APIs, middleware, database, enterprise service bus, etc. )
• Cloud security controls and applications
• High value assets and critical infrastructure
• Review and analyze security vulnerability data to identify applicability and false positives.
• Assist with ongoing assessment of Invesco perimeter assets to identify exposures and weaknesses.
• Assist with red team assessments to identify security exposures and to evaluate effectiveness of security controls and response.
• Assist with producing high-quality papers, presentations, recommendations, and findings for Senior Level Management and Enterprise Technology Leaders
• Execute vulnerability triaging, escalation, and management workflows through innovation and continuous improvement.
• Provide internal remediation support through the design, implementation and integration of network infrastructure and information security controls.
• Participate in vulnerability management projects. Track deliverables and provide periodic updates to the leadership team. Escalate security and projects risk timely.
• Respond appropriately to cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody.
• Have a thorough understanding of technological requirements for Invesco s systems and provide guidelines to effectively mitigate security risks.
• Have understanding on security compliance and can perform compliance scans through various tools on the IVZ Infrastructure.
• Review/Analyze the compliance scan reports and help the teams in the remediation activities.
• Respond timely to ServiceNow tickets as needed.
• Keep current with industry best practices.
• Other duties as assigned.

Work Experience / Knowledge:

• Five plus years of Information Security or relevant experience
• Three plus years of Pen Testing or Vulnerability Assessment experience.
• Experience in the tool Splunk for vulnerability management automation capabilities.
• Cloud vulnerability assessment or pen testing experience preferred
• Experience with security issues in large networks
• Able to demonstrate experience, knowledge and skills in utilizing common penetration testing and vulnerability assessment tools and techniques
• Hands on experience with firewalls, routers, bridges, switches and gateway devices, appliances and software
• Knowledge of security industry best practices (e. g. SANS, NIST, CIS)

Technical Skills Required:

• Good understanding of security controls and common threats and vulnerabilities
• Knowledge of penetration testing frameworks
• Knowledge of security industry best practices (e. g. SANS, NIST, CIS)
• Understanding of common penetration testing methodologies (e. g. OSSTMM, OWASP)
• Ability to write scripts/tools to assist in automation is preferred
• Understanding of encryption technologies and common network protocols
• Ability to review and analyze security vulnerability data to identify applicability and false positives
• Patch management technologies and processes
• Wireless protocols and services
• Sound understanding of security principles, such as infrastructure security, identity and access management, vulnerability management, and secure coding.
• A keen analytical mind for problem solving, abstract thought, and offensive security tactics.

Other Skills Required:

• Good interpersonal skills (written and oral communication) and ability to articulate complex issues to executives and customers
• Make fact-based decisions using individual judgement and problem solving.
• Ability to communicate technical information clearly and concisely, commensurate with the audience
• Strong analytical skills with ability to define, collect, analyze data, establish facts, draw valid conclusions, and make fact-based decisions.
• Conceptual thinking and communication skills the ability to conceptualize complex business and technical requirements into comprehensible models and templates.
• Good communicator (written and verbal) and listener.
• Must be a team player and motivated self-starter with ability to work independently and remotely with limited supervision.
• Possesses diplomacy and cooperative style necessary to interface effectively with all personalities and across functional disciplines.
• Must be assertive, methodical and detail oriented
• Maintain strict confidentiality of all security issues including legal investigations, Compliance, and HR data requests