US Citizen
Green Card
EAD (OPT/CPT/GC/H4)
H1B Work Permit
Corp-Corp
W2-Permanent
W2-Contract
Contract to Hire
Consulting/Contract
UG :- - Not Required
PG :- - Not Required
No of position :- ( 1 )
Post :- 21st Oct 2023
Natixis is looking for a Cyber Security Analyst specializing in vulnerability and patch management (VPM). The VPM specialist will play a key role in producing regular metrics, KPMs and working with KRIs. They will interact regularly with our vulnerability management data, systems and staff as well as create and follow, on a regular basis, plans of action and milestones. The Cyber Security Analyst will also be responsible for maintaining process and procedure documentation on all aspects of the VPM program.
Essential duties and responsibilities
Ability to focus on our strategic vision and demonstrate a track record to successfully deliver business objectives.
Provide strong and regular reporting for VPM related topics
Coordinate with global and local teams address plans of action and milestones
Calculate and respond to key performance indicators – track mitigations to improve performance metrics.
Participate in vulnerability assessments and remediation activities, track software and system updates, and strengthen compliance around the use of approved tools and best practices - secure coding guides.
Network security architecture skills are required.
Familiarity with security and IT Risk frameworks (COBIT, ISO, NIST as well as FFIEC handbooks)
Familiarity with Incident response and crisis management programs
Strong knowledge of SPLUNK, Qualys, Excel and Power Platform for data analytics
Must be a team player who can work with and cooperate with head office and local cyber security teams (first line of defense) and Information Security Group/Compliance (Second Line of defense) to share information and create a global view of security status.
Provide backup support for cyber security projects, incidents, action plans, remediation of findings, and audit points.
Off-hour availability may be required to address emergent threats
Supervisory responsibilities (if applicable):
Description of duties which require licensing
Required education and/or experience:
BA/BS in information Security and at least 5-years’ experience.
At 2-5 years of demonstrated experience in vulnerability management reporting including the oversite of “Plans of Action and Milestones (POAM).
Experience with SPLUNK
Experience with vulnerability assessment products: Qualys
Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the ability to unit test remediations with exploits tools.
Experience reporting and analysis tools – PowerBI, Advanced Excel/PowerQuery.
Candidate must possess experience creating management level presentation materials
Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, BGP etc.)
Excellent teamwork skills, ability to collaborate with local staff as well as Paris based staff
Strong sense of ownership and drive
Strong organizational and time management skills, attention to detail and ability to manage priorities.
Able to proactively identify risk and drive remediation, assist with automation and efficient controls design.
Develop and manage metrics and performance through tracking, reporting and active engagement with management for continuous improvement of our security landscape. Develop horizontal view of risk posture across multiple technology domains.
The position will operate transversely across multiple departments - Strong communication and analytic skills are absolutely required.
Training/skills required (i.e. specific language, systems or database knowledge)
SPLUNK, Qualys, clear understanding of key network devices (routers, switches, firewalls, proxies, web gateway, NAC, IDS tools etc), Application Security related OWASP knowledge, Candidate must have strong presentation skills and a business centric view of information security.