Senior Information Security Analyst Vitech Systems Group
New York, NY

Job Description

Position: Senior Information Security Analyst

Location: New York, NY

About Vitech

Vitech is one of the world's leading providers of financial and benefit administration software. We serve insurance, retirement and investment organizations and our over 100 clients include the premier entities in each of our markets. Our software, V3, is a unique administration platform specifically designed to address the unique needs of group benefits and alternative asset administration.

We are headquartered in New York City with staff and clients located across the United States and around the world. We provide the V3 software, implementation and support services and offer cloud-based solution hosting. We employ over 1000 full time employees experienced in both enterprise software technology and the specific business domains in which we work.

We are dedicated to helping our clients improve their market agility, raise their service levels and streamline their operations while consolidating and modernizing their legacy administration platforms. Our clients collectively administer over $1 trillion in coverage and serve nearly 20 million individuals.

Here's your chance to join a dynamic, global team of technology and domain subject matter experts, developers, quality assurance experts and business analysts who are helping shape the future of technology. We offer a competitive compensation package and a comprehensive benefits program to ensure employees' health, well-being and financial security.

Overview:

The Senior Information Security Analyst is responsible for ensuring the overall security of Vitech's Infrastructure/Networks and Applications are secure from vulnerabilities. The analyst will be instrumental in creating a vulnerability management program for the organization. This is a hands-on role with tremendous growth potential and the opportunity to interface with senior leadership.

Responsibilities:

* Responsible for configuring vulnerability assessment tools, as well as performing internal and external vulnerability scans and penetration tests on systems, applications, networks, and databases.
* Analyze penetration test results and engage with technology partners and business units to resolve identified vulnerabilities within SLAs.
* Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
* Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions.
* Validate remediation by reviewing application updates or deployed mitigations to verify resolution.
* Identify and resolve any false positive findings in assessment results.


* Contribute to building and delivering services, solutions and processes that enable security defects to be found, fixed or avoided before applications are released to production.
* Manage tracking and remediation of vulnerabilities by creating agreed-upon action plans and timelines with responsible software developers and support teams.
* Explain the significance and risk associated to discovered vulnerabilities.
* Create metrics and reporting on the state of the company's security stack, threats, vulnerabilities and patch management. Design and deliver actionable Information Security dashboards and scorecards.
* Organize and manage external third-party assessments (e.g., penetration tests, social engineering assessments, targeted assessments).
* Regularly review SIEM logs and initiate incident management procedures for suspicious activity.
* Track public and privately released vulnerabilities and oversee the triage process including: identification, criticality evaluation, remediation planning, communication, and resolution.
* Keep up with the changing nature of security threats and researches and investigates new and emerging vulnerabilities and participate in external security communities.

Skills and Qualifications:

* Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
* Must be able to work in a highly fast-paced environment and across organization boundaries
* Minimum 2 years of hands-on experience with Splunk
* Minimum 2 years of hands-on experience with InsightVM (Rapid 7)
* Hands-on experience with AWS is highly desired
* Understanding of Oracle and/or Postgres highly desired
* Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. CISA, CISSP, GCIH)
* Understanding of security controls (e.g. access control, authentication, encryption, integrity, and application security)
* Hands-on experience with Linux as well as Windows environments
* Must be extremely knowledgeable with Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools.
* Must possess excellent communication skills (written, verbal).
* Must be able to work with technical and non-technical individuals alike.

Vitech Systems Group is an equal opportunity employer (EOE) and strongly supports diversity in the workforce.