• US Citizen

• Green Card

• EAD (OPT/CPT/GC/H4)

• H1B Work Permit

• Corp-Corp

• W2-Permanent

• W2-Contract

• Contract to Hire

• Consulting/Contract

• UG :- - Not Required

• PG :- - Not Required

• No of position :- ( 1 )

• Post :- 21st Oct 2023

Natixis is looking for a Cyber Security Analyst specializing in vulnerability and patch management (VPM).  The VPM specialist will play a key role in producing regular metrics, KPMs and working with KRIs.  They will interact regularly with our vulnerability management data, systems and staff as well as create and follow, on a regular basis, plans of action and milestones.  The Cyber Security Analyst will also be responsible for maintaining process and procedure documentation on all aspects of the VPM program.
 

Essential duties and responsibilities
 

Ability to focus on our strategic vision and demonstrate a track record to successfully deliver business objectives.

Provide strong and regular reporting for VPM related topics

Coordinate with global and local teams address plans of action and milestones

Calculate and respond to key performance indicators – track mitigations to improve performance metrics.

Participate in vulnerability assessments and remediation activities, track software and system updates, and strengthen compliance around the use of approved tools and best practices - secure coding guides.

Network security architecture skills are required.

Familiarity with security and IT Risk frameworks (COBIT, ISO, NIST as well as FFIEC handbooks)

Familiarity with Incident response and crisis management programs

Strong knowledge of SPLUNK, Qualys, Excel and Power Platform for data analytics

Must be a team player who can work with and cooperate with head office and local cyber security teams (first line of defense) and Information Security Group/Compliance (Second Line of defense) to share information and create a global view of security status.

Provide backup support for cyber security projects, incidents, action plans, remediation of findings, and audit points.

Off-hour availability may be required to address emergent threats

Supervisory responsibilities (if applicable):

Description of duties which require licensing

Required education and/or experience:

BA/BS in information Security and at least 5-years’ experience.

At 2-5 years of demonstrated experience in vulnerability management reporting including the oversite of “Plans of Action and Milestones (POAM).

Experience with SPLUNK

Experience with vulnerability assessment products: Qualys

Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the ability to unit test remediations with exploits tools.

Experience reporting and analysis tools – PowerBI, Advanced Excel/PowerQuery.

Candidate must possess experience creating management level presentation materials

Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, BGP etc.)

Excellent teamwork skills, ability to collaborate with local staff as well as Paris based staff

Strong sense of ownership and drive

Strong organizational and time management skills, attention to detail and ability to manage priorities.

Able to proactively identify risk and drive remediation, assist with automation and efficient controls design.

Develop and manage metrics and performance through tracking, reporting and active engagement with management for continuous improvement of our security landscape.  Develop horizontal view of risk posture across multiple technology domains.

The position will operate transversely across multiple departments - Strong communication and analytic skills are absolutely required.

Training/skills required (i.e. specific language, systems or database knowledge)

SPLUNK, Qualys, clear understanding of key network devices (routers, switches, firewalls, proxies, web gateway, NAC, IDS tools etc), Application Security related OWASP knowledge,  Candidate must have strong presentation skills and a business centric view of information security.