Lead Cybersecurity Analyst (Vulnerability Management and Phishing)
Job Description
At Discover, be part of a culture where diversity, teamwork and collaboration reign. Join a company that is just as employee-focused as it is on its customers and is consistently awarded for both. We’re all about people, and our employees are why Discover is a great place to work. Be the reason we help millions of consumers build a brighter financial future and achieve yours along the way with a rewarding career.
As a Lead Cybersecurity Analyst (Vulnerability Management & Phishing), you will help ensure that our software and infrastructure are implemented and protected to meet or exceed security standards. You will perform vulnerability and threat assessments, among other duties, to help validate the security posture of Discover systems.
In this role, you are an active participant in developing the Cybersecurity roadmap and in delivering secure systems, cyber applications, technical projects, and regulatory and risk requirements. This includes Cybersecurity framework, program optimization, vulnerability remediation, metrics reporting, performance analysis, and mitigation of operational risk in a high-velocity culture. Requires high-level critical thinking to perform duties related to projects, compliance, metrics, assurance, vulnerabilities, or threats.
Responsibilities
- Identifies and evaluates potential vulnerabilities and drives the normalization, correlation, and integration of internal and subscription threat intelligence sources. Produces actionable intelligence in the form of reports, notifications, alerts, and briefings. Develops mitigation and countermeasure strategies from collected threat intelligence. Recognizes security violations and takes appropriate action to report each incident, as required. Analyzes the organization’s cyber defense procedures and configurations, and evaluates compliance with regulations and organizational directives.
- Performs in-depth analysis of security issues and/or vulnerabilities. Ensures compliance with audit, regulatory, and legal requirements. Builds and maintains effective relationships with peers and internal business partners. Creates effective controls to address security concerns.
- Maintains in-depth knowledge of security trends and threats. Designs and develops security solutions and processes consistent with business goals and risk tolerance. Provides subject matter expertise for supported Cybersecurity technologies.
- Develops metrics and new capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. Engages in reporting risk remediation assurance and automation/integration initiatives, and collaborates with stakeholders, at all levels, to ensure remediation is validated, risk is mitigated, and findings are fully closed/resolved.
Minimum Qualifications
At a minimum, here’s what we need from you:
- Bachelor’s Degree in Information Security, Computer Science, Business Administration, Data Analytics, or related field
- 4+ years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field
- In lieu of a degree, 6+ years of experience in Information Security, Computer Science, Business Administration, Data Analytics, or related field
Preferred Qualifications
If we had our say, we’d also look for:
- Experience performing security assessments in a corporate environment
- Experience utilizing vulnerability management tools in a corporate environment
- Demonstrated experience creating phishing campaigns and analyzing user compliance with the phishing program
- In-depth experience finding security vulnerabilities (CVEs) and recommending remediation actions.
- Excellent understanding of a diverse range of technologies (such as enterprise applications, middleware, databases, network devices, etc.).
- Good organizational skills with the ability to take the appropriate actions, while also enforcing established security standards.
- Industry certifications (such as CISSP, CISM, GIAC).
The same way we treat our employees is how we treat all applicants – with respect. Discover Financial Services is an equal opportunity employer (EEO is the law). We thrive on diversity & inclusion. You will be treated fairly throughout our recruiting process and without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status in consideration for a career at Discover.