Vulnerability Management Specialist recruitment

This role is responsible for the operations for detecting security vulnerabilities present in platforms, infrastructure, networks and common production applications for the UBS global enterprise.
Working within the global Vulnerability Management team, this role involves the review and risk rating of security vulnerabilities pertinent to the UBS infrastructure, operating the vulnerability management toolkit to detect vulnerabilities and security risks across the enterprise and driving and tracking the security remediation progress across various responsible teams globally.
A key aspect of the role is the ongoing development and maintenance of reports and metrics to provide a visualization of the Bank’s vulnerability management effectiveness and security position, and identify weaknesses in controls in order to drive change and improvements and measure the success of these change initiatives.
This is a technical, hands-on role and the ideal candidate has experience working within a imilar function in a large, distributed environment, with a strong understanding of and nthusiasm for technical security concepts, security threats and vulnerabilities.

Key Responsibilities / Duties:

• Identifying published vulnerabilities affecting UBS and immediately understanding the exposure of the Bank’s assets
• Risk rating applicable vulnerabilities and communicating risks to relevant remediation streams
• Operating vulnerability assessment tools, including network scanners and host-based detection agents to provide continuous monitoring of the estate and detection of vulnerabilities. This includes the liaison and management of 3rd party vendors who provide independent vulnerability assessments of the UBS perimeter
• Ensuring an active assessment capability across all networks and infrastructure. Continuing to monitor the effectiveness of this assessment capability and working with engineering teams to improve the capability where necessary
• Automation and scripting of common tasks to increase efficiency
• The ongoing development of KPIs, reporting and metrics and communication as to the state of vulnerabilities globally.
• Continuous analysis of vulnerability and security data to identify trends and weaknesses with patching effectiveness or a growing number of vulnerabilities in a specific area. Communicating these reports and driving change and targeted improvements.
• Contributes to Security Technology initiatives and projects, such as involvement with the Security Operations Team, Threat Intelligence function and other teams
• Maintain strong working relationships with infrastructure teams and platform teams, communicates vulnerabilities, tracks remediation progress and influences process improvements
• Ensure compliance with relevant external requirements and internal policies and standards.
• Interacts with technology teams as required for the reporting of effective metrics and reports

Key Working Relationships:
• Security Technology teams globally, including close interaction with the Security Operations Centre, Threat Intelligence Function and Security Engineering functions
• Application Security team
• Risk teams globally
• Infrastructure teams, such as networking and platform owners
• Vendors, suppliers and third parties
• Functional professional peers and workgroups.

Key Skills and Attributes:

Essential:
• 8+ years experience working in IT, with at least 5 years experience working within a technical security capacity, specifically a vulnerability management and/or security operations space in a large distributed enterprise. It is expected that the candidate have a strong background in IT technical security, specifically the Vulnerability management space
• A passion and enthusiasm for IT Security. Stays up to date with technology trends, and security threats and vulnerabilities
• Excellent analytical skills, with the ability to breakdown complex problems into actionable steps without over-simplification
• Ability to communicate security-related concepts to a broad-range of technical and non-technical staff in an intelligent, articulate and persuasive manner
• Strong technical and collaboration skills, organizational and time management skills, communications (verbal and written) and interpersonal skills
• A strong understanding and hands-on experience with enterprise vulnerability assessment technologies including enterprise agents and broad-based network scanners.
• A strong understanding of OS hardening and techniques and OS-level vulnerabilities, specifically Windows and Unix systems
• A good understanding of web technologies and web security hardening techniques, including Apache/Tomcat and IIS
• A good understanding of infrastructure-level vulnerabilities, including Cisco devices and wireless technologies
• An understanding of database vulnerabilities and configuration security issues
• A broad knowledge of networking concepts, including subnets, firewalls, IDS, routing, switching. Should be able to analyse a network topology and draw conclusions around security controls and weaknesses
• Excellent SQL and reporting skills and an understanding and appreciation of KPIs and metrics and how they apply to a vulnerability management and security function. The ability to analyse complex sets of data, correlate and aggregate data and draw conclusions, identifying trends and patterns relevant to security control weaknesses and the tracking of vulnerability remediation progress.
• Lateral thinking, passionate, innovative and creative. Has the ability to work under pressure on exciting projects
• Results oriented, ability to influence outcomes with a hands-on attitude

Desirable:

• Highly desirable: experience within the Banking and finance sector. Ideally, having worked in a similar function in a global Bank.
• Some development and scripting experience. Ability to automate tasks.
• Security certifications including CISSP, SANS, etc
• Experience with Mcafee vulnerability management toolkit, incl Foundstone, Policy Auditor, Arcsight SIEM tool, IDS technologies such as Snort
• Application security knowledge, e.g an understanding of OWASP concepts and principles

It starts with you:

We can offer you an exciting, fast-paced working environment, a culture of mutual respect and teamwork and the opportunity to play a vital role in our growth. If you are attracted to joining an organization where every individual's contribution counts and where your talent will impact on our future, please apply for this position. It starts with you.

To read more about this opportunity and to submit your application, please click on the Apply for Job button. You will be redirected to the UBS career website where you can submit your CV. All applications will be reviewed and responded to by the UBS recruitment team.

Disclaimer/ Policy Statement: UBS is an equal opportunity employer. We respect and seek to empower each individual and the diverse cultures, perspectives, skills and experiences within our workforce.

• Admin

  New
  • Log in

• Recent Jobs

  • Full Stack Engineer
  • Senior Full Stack Developer
  • Software Developer Engineer
  • iOS/Android Developer
  • DevOps for Connected Heating Systems
  • IT Architect
  • Agile Scrum Coach
  • HTML5 Front End Developer
  • .Net Developer (Switzerland)
  • Software Testers

• Categories

  • Financial
  • General
  • Healthcare
  • Technology

• Archives

  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015

• Tags

  Accounting & Finance careers in the Australia Accounting & Finance careers in the Hong Kong SAR Accounting & Finance careers in the Singapore Accounting & Finance careers in the UK Accounting & Finance careers in the USA Accounting) Alabama Us Alberta Canada Arizona Us Asset Management Asset Management careers in the Hong Kong SAR Asset Management careers in the UK Asset Management careers in the USA Associate AVP Baden Württemberg Germany Bayern Germany Business Analyst California Us Call Centres Capital Markets Capital Markets careers in the UK Colorado Us Commodities Commodities careers in the UK Compliance Connecticut Us Consultancy Corporate Banking Credit Debt Derivatives Director District Of Columbia Us Driver Equities Equities careers in the UK Fixed Income) Fixed Income careers in the UK Florida Us Foreign Exchange F recruitment Georgia Us Home Counties Uk Ile Of France France Illinois Us Indiana Us Information Technology careers in the Hong Kong SAR Information Technology careers in the Singapore Information Technology careers in the UK Information Technology careers in the USA Investment Banking Iowa Us Kansas Us Kentucky Us Legal London recruitment London Uk Louisiana Us M & A careers in the UK Manager Maryland Us Massachusetts Us Michigan Us Midlands Uk Minnesota Us Missouri Us Money Markets New Jersey Us New South Wales Australia New York Us Noord Holland Netherlands Nordrhein-Westfalen Germany North Carolina Us North West Uk Ohio Us Oklahoma Us Ontario Canada Operations careers in the UK Oregon Us Pennsylvania Us Private Banking Project Manager Queensland Australia Risk Management careers in the UK South Australia Australia South Carolina Us Southern Uk South West Uk Tennessee Us Texas Us UK Victoria Australia Virginia Us VP Washington Us Western Australia Australia Wisconsin Us Yorkshire Uk Zuid Holland Netherlands

• Links

  • Name.ly
  • Who-El.se?

• RSS

  • Entries (RSS)
  • Comments (RSS)