Sr. Staff - Vulnerability Remediation Analyst

Apply Now    
Job ID:
20170921-4879
Job Category:
Information Technology
Relevant Work Experience:
IT-Other Specialty Engineering-6+ yrs
Current Licenses / Certifications:
None
Position Located In:
AZ - Phoenix
Education:
BA/BS
Job Type:
Full Time
Description:

We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.

As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all.  As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.

Our Opportunity:

The Senior Vulnerability and Risk Analyst will assist with day-to-day operations to ensure that the requirements of the Schwab Information Security Policy are carried out for any technology functions related to vulnerability and threat risk management: identification, remediation, mitigation, and reporting. 

What you’ll do:

Vulnerability Identification and Analysis

  • Manage the enterprise vulnerability assessment program, which will include conducting regular patch & configuration vulnerability assessments against core infrastructure via commercial scanning tools (i.e. Rapid7, Nessus, TripWire, Qualys, etc)
  • Research & Evaluate threats and vulnerabilities to assist in prioritization of remediation actions
  • Investigation of conflicting compliance reports (failed patches, patch supersedence, failed GPO application, etc)
  • Monitor for compliance & drift against corporate security standards
  • Provide real time decision making for ongoing information security incidents as they occur
  • Maintain current knowledge of all Schwab configuration security baselines and patch standards
  • Optimize and ensure the continued & effective operation of the information security control process life-cycle, including release dates, severity patch timelines, burn-in cycles, & corporate infrastructure freezes.

Remediation & Mitigation 

  • Partner with currency teams and application owners to ensure remediation of identified vulnerabilities occurs within noted  timeframes and in adherence with corporate change control policies
  • Ensure proper system owners are filing exceptions within Archer, when requested
  • Develop and maintain methods to validate identified vulnerabilities are resolved
  • Develop escalation procedures for all vulnerabilities not remediated within set guidelines

Reporting

  • Creation of metrics highlighting current infrastructure compliance ratings
  • Creation of compliance trending reports
  • Develop and deliver communications to senior management regarding strategic security risks and threats 
  • Partner with appropriate groups to help ensure all system information is current and accurate in CMDB
  • Develop reports highlighting current ‘at risk’ asset groups

Consultation

  • Provide consultative services to department management and IT project teams to help raise awareness of Information Security issues and concerns affecting the corporation 
  • Provide oversight and guidance to less experienced team members 
  • Act a mentor to less experienced colleagues 

What you have:

  • Bachelor’s degree (BS preferred) or equivalent experience
  • Working knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments.
  • Knowledge and experience with physical and virtual server configurations and implementations.
  • Experience with configuration management, change control processes, problem determination, root cause analysis, risk assessment, & exception management.
  • Working knowledge of CIS Baselines, NIST, vendor security guidelines, etc.
  • 2+ years technical operations providing system/platform support

Technical Skills:

  • Working knowledge and comfortable with programming in at least one “interpreted language” (i.e. Perl, Python, Java, JavaScript, etc.).
  • Working knowledge of both windows and nix based operating systems
  • Advanced knowledge of elements of information technology stack ( i.e. network, operating system,     sub-system, display/application) and inter-relationships between the various functional components

Information Security Knowledge:

  • Experience in overseeing the implementation, maintenance and compliance with government/industry information security regulations/frameworks (SOX, FDIC, FFIEC, NIST, and ISO) 
  • Experience using and supporting commercial vulnerability and compliance scanning products (e.g. Qualys, Rapid7, TripWire, Foundstone, nCircle, Nessus)

Personality & Capabilities:

  • Self-motivated
  • Able to work effectively
  • Manage multiple priorities, requests and tasks with minimal supervision

You demonstrate these behaviors:

Curious: Constantly learns more about our clients, competitors, industry and the broader market to drive insights and decisions

Innovative: Defines a compelling vision of the future, and develops breakthrough ideas, whether big or small, that support that vision

Overcomes Barriers: Takes responsibility for addressing obstacles that hinder our people and our business

Delivers Results: Delivers positive results regardless of circumstances, utilizing the right mix of analysis, judgment, agility and urgency

What you’ll get:

 

  • Comprehensive Compensation and Benefits package
  • Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts
  • Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program
  • Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions
  • Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
  • Not just a job, but a career, with an opportunity to do the best work of your life

Learn more about Life@Schwab.

Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law.


Job Specifications
Relocation Offered?: No
Work Schedule: Days
Languages: English - spoken
Current Licenses / Certifications: None
Relevant Work Experience: IT-Other Specialty Engineering-6+ yrs
Position Located In: AZ - Phoenix
Education: BA/BS
Job Type: Full Time

Category:Information Technology
Activation Date: Thursday, October 19, 2017
Expiration Date: Saturday, December 30, 2017
Apply Here
Apply Now    
Link for schema

Brokerage Products: Not FDIC Insured • No Bank Guarantee • May Lose Value

Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law. Schwab also does not discriminate against applicants or employees because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.

At Schwab, we believe that every employee, through their diverse abilities and experiences, can contribute to our growth, innovation and client loyalty. We embrace diversity and are committed to providing equal opportunity to all employees and applicants. If you have a disability, and require reasonable accommodations in the application process, call Human Resources at 800-725-3535. We will be happy to assist you. Schwab will only share your accommodation request with those individuals who have a specific need to know. The request for an accommodation will not affect Schwab’s hiring decisions. All other submissions should be performed online.

The Charles Schwab Corporation provides a full range of securities, brokerage, banking, money management, and financial advisory services through its operating subsidiaries. Its broker-dealer subsidiary, Charles Schwab & Co., Inc. (“Schwab”), Member SIPC , offers investment services and products, including Schwab brokerage accounts. Its banking subsidiary, Charles Schwab Bank (member FDIC and an Equal Housing Lender), provides deposit and lending services and products.