Lead Vulnerability Management Analyst at Discover
Discover. A more rewarding way to work.
At Discover Financial Services, you’ll find yourself in the company of some of the industry’s smartest and most reliable professionals. And at a company that rewards dedication, values innovation and supports growth.
Thrive in an environment that promotes teamwork and shared success. Build on a foundation of mutual respect. Join the company that understands rewarding careers like no other, with this exceptional opportunity:
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
As a Lead Cybersecurity Analyst (Vulnerability Management), you will help ensure that our software and infrastructure is implemented and protected to a high level of security standards. You will perform threat analysis, vulnerability assessments, and system configuration analysis among other duties to help validate the security posture of Discover systems and infrastructure. You will work closely with operations and engineering teams to enhance our security posture.
Responsibility of the role is as an active participant in developing the Cybersecurity roadmap, and delivering secure systems, cyber applications, technical projects and regulatory and risk requirements. This includes Cybersecurity framework, program optimization, vulnerability remediation, metrics reporting, performance analysis, and mitigation of operational risk in a high velocity culture. Requires high-level critical thinking to perform duties related to projects, compliance, metrics, assurance, vulnerabilities, or threats.
- Identifies and evaluates potential vulnerabilities and drives the normalization, correlation, and integration of internal and subscription-threat intelligence source. Produces actionable intelligence in the form of reports, notifications, alerts, and briefings. Develops mitigation and countermeasure strategies from collected threat intelligence. Recognizes security violations and take appropriate action to report each incident, as required. Analyzes the organization’s cyber defense procedures and configurations, and evaluates compliance with regulations and organizational directives.
- Performs in-depth analysis of security issues and/or vulnerabilities. Ensures compliance to audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers and internal business partners. Creates effective controls to address security concerns.
- Maintains in-depth knowledge of security trends and threats. Designs and develops security solutions and processes consistent with business goals and risk tolerance. Provides subject matter expertise for supported Cybersecurity technologies.
- Develops metrics and new capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. Engages in reporting risk remediation assurance and automation/integration initiatives, and collaborates with stakeholders, at all levels, to ensure remediation is validated, risk is mitigated, and findings are fully closed/resolved.
At a minimum, here’s what we need from you:
- Bachelor’s Degree in Information Security, Computer Science, Business Administration, Data Analytics, or related field
- 4+ years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field
- Must have experience using vulnerability management tools in a corporate environment
- In lieu of a degree, 6+ years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field
If we had our say, we’d also look for:
- In-depth experience finding security vulnerabilities (CVEs) and recommending remediation actions.
- Excellent understanding of a diverse range of technologies (such as enterprise applications, middleware, databases, network devices, etc.).
- Good organizational skills with the ability to take the appropriate actions, while also enforcing established security standards.
- Industry certifications (such as CISSP, CISM, GIAC).
Discover Financial Services is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, among other things, or as a qualified individual with a disability.
So, what are you waiting for? Apply today!