Vulnerability Management Specialist recruitment

This role is responsible for the operations for detecting security vulnerabilities present in platforms, infrastructure, networks and common production applications for the UBS global enterprise.
Working within the global Vulnerability Management team, this role involves the review and risk rating of security vulnerabilities pertinent to the UBS infrastructure, operating the vulnerability management toolkit to detect vulnerabilities and security risks across the enterprise and driving and tracking the security remediation progress across various responsible teams globally.
A key aspect of the role is the ongoing development and maintenance of reports and metrics to provide a visualization of the Bank’s vulnerability management effectiveness and security position, and identify weaknesses in controls in order to drive change and improvements and measure the success of these change initiatives.
This is a technical, hands-on role and the ideal candidate has experience working within a imilar function in a large, distributed environment, with a strong understanding of and nthusiasm for technical security concepts, security threats and vulnerabilities.

Key Responsibilities / Duties:

• Identifying published vulnerabilities affecting UBS and immediately understanding the exposure of the Bank’s assets
• Risk rating applicable vulnerabilities and communicating risks to relevant remediation streams
• Operating vulnerability assessment tools, including network scanners and host-based detection agents to provide continuous monitoring of the estate and detection of vulnerabilities. This includes the liaison and management of 3rd party vendors who provide independent vulnerability assessments of the UBS perimeter
• Ensuring an active assessment capability across all networks and infrastructure. Continuing to monitor the effectiveness of this assessment capability and working with engineering teams to improve the capability where necessary
• Automation and scripting of common tasks to increase efficiency
• The ongoing development of KPIs, reporting and metrics and communication as to the state of vulnerabilities globally.
• Continuous analysis of vulnerability and security data to identify trends and weaknesses with patching effectiveness or a growing number of vulnerabilities in a specific area. Communicating these reports and driving change and targeted improvements.
• Contributes to Security Technology initiatives and projects, such as involvement with the Security Operations Team, Threat Intelligence function and other teams
• Maintain strong working relationships with infrastructure teams and platform teams, communicates vulnerabilities, tracks remediation progress and influences process improvements
• Ensure compliance with relevant external requirements and internal policies and standards.
• Interacts with technology teams as required for the reporting of effective metrics and reports

Key Working Relationships:
• Security Technology teams globally, including close interaction with the Security Operations Centre, Threat Intelligence Function and Security Engineering functions
• Application Security team
• Risk teams globally
• Infrastructure teams, such as networking and platform owners
• Vendors, suppliers and third parties
• Functional professional peers and workgroups.

Key Skills and Attributes:

Essential:
• 8+ years experience working in IT, with at least 5 years experience working within a technical security capacity, specifically a vulnerability management and/or security operations space in a large distributed enterprise. It is expected that the candidate have a strong background in IT technical security, specifically the Vulnerability management space
• A passion and enthusiasm for IT Security. Stays up to date with technology trends, and security threats and vulnerabilities
• Excellent analytical skills, with the ability to breakdown complex problems into actionable steps without over-simplification
• Ability to communicate security-related concepts to a broad-range of technical and non-technical staff in an intelligent, articulate and persuasive manner
• Strong technical and collaboration skills, organizational and time management skills, communications (verbal and written) and interpersonal skills
• A strong understanding and hands-on experience with enterprise vulnerability assessment technologies including enterprise agents and broad-based network scanners.
• A strong understanding of OS hardening and techniques and OS-level vulnerabilities, specifically Windows and Unix systems
• A good understanding of web technologies and web security hardening techniques, including Apache/Tomcat and IIS
• A good understanding of infrastructure-level vulnerabilities, including Cisco devices and wireless technologies
• An understanding of database vulnerabilities and configuration security issues
• A broad knowledge of networking concepts, including subnets, firewalls, IDS, routing, switching. Should be able to analyse a network topology and draw conclusions around security controls and weaknesses
• Excellent SQL and reporting skills and an understanding and appreciation of KPIs and metrics and how they apply to a vulnerability management and security function. The ability to analyse complex sets of data, correlate and aggregate data and draw conclusions, identifying trends and patterns relevant to security control weaknesses and the tracking of vulnerability remediation progress.
• Lateral thinking, passionate, innovative and creative. Has the ability to work under pressure on exciting projects
• Results oriented, ability to influence outcomes with a hands-on attitude

Desirable:

• Highly desirable: experience within the Banking and finance sector. Ideally, having worked in a similar function in a global Bank.
• Some development and scripting experience. Ability to automate tasks.
• Security certifications including CISSP, SANS, etc
• Experience with Mcafee vulnerability management toolkit, incl Foundstone, Policy Auditor, Arcsight SIEM tool, IDS technologies such as Snort
• Application security knowledge, e.g an understanding of OWASP concepts and principles

It starts with you:

We can offer you an exciting, fast-paced working environment, a culture of mutual respect and teamwork and the opportunity to play a vital role in our growth. If you are attracted to joining an organization where every individual's contribution counts and where your talent will impact on our future, please apply for this position. It starts with you.

To read more about this opportunity and to submit your application, please click on the Apply for Job button. You will be redirected to the UBS career website where you can submit your CV. All applications will be reviewed and responded to by the UBS recruitment team.

Disclaimer/ Policy Statement: UBS is an equal opportunity employer. We respect and seek to empower each individual and the diverse cultures, perspectives, skills and experiences within our workforce.