Threat & Vulnerability Engineer – First Republic Bank – New York, NY
At First Republic, we care about our people. Founded in 1985, we offer extraordinary client service in private banking, private business banking and private wealth management. We believe that personal connections are everything and our success is driven by the relationships we form with our colleagues and clients. You’ll always feel empowered and valued here.
Incredible teams doing exceptional work, every day.
Information Security supports the business’ objectives by implementing state of the art cybersecurity technologies and practices so that we are well-prepared to protect Company’s systems and data from cyber-attacks and other unplanned disruptions.
The Threat and Vulnerability Security Engineer provides security oversight to First Republic Bank’s computing environment.
Oversight is achieved by monitoring and investigating potential security vulnerabilities and threats as reported by FRB’s security tools; performing security data analytics; identifying and addressing potential data loss channels; and staying apprised of potential security challenges through the gathering and processing of cyber intelligence.
The position will work closely with other Network Security Engineers and Information Services personnel to ensure appropriate controls are in place, and to ensure that security policies are being effectively employed.
Responsibilities And Duties
- Information Security Threat and Vulnerability Management
- Responsible for configuring vulnerability assessment tools, as well as performing scans, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
- Analyze penetration test results and engage with technology partners and business units in order to resolve identified vulnerabilities within SLAs.
- Approaches for addressing vulnerabilities include system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes.
- Identify and resolve any false positive findings in assessment results.
- Information Security Threat and Vulnerability
- Reporting Produce metrics and reporting on the state of system security, threat, vulnerability and patch management.
- Design and deliver actionable Information Security dashboards and scorecards.
- Analyze data sources and recommend optimal data sources to provide relevant reporting.
- Provide IT Governance metrics and reporting
- Oversee Remediation Activities:
- Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
- Recommend appropriate policy, standards, process, and procedural updates as part of comprehensive remediation solutions.
- Validate remediation by reviewing application updates or deployed mitigations to verify resolution.
You could be a great fit if you have:
- BS in Computer Science or equivalent
- Technical network (e.g. CCNA, CCNP Security) and security certifications highly desirable (e.g. CISA, CISSP, GCIH).
- Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security).
- Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network based scanners).
- Experience with vulnerability scanners, vulnerability management systems, patch management, and host based security systems. Host Based Security Systems, patch management.
- Beneficial if experienced in Database Activity Monitoring Systems (DAM), and Web Application Firewalls (WAF).
- Ability to provide quality deliverables on time and on budget.
Need Security Training? Certifications at Your Own Pace
- IBM Cybersecurity Analyst Professional CertificateIntroduction to Cybersecurity Tools & Cyber Attacks by IBM
- Generative Adversarial Networks (GANs) Specialization from DeepLearning.AI
- Agile Leadership Specialization from the University of Colorado
- International Cyber Conflicts from the State University of New York (SUNY)
- IT Fundamentals for Cybersecurity Specialization by IBM
- Google Cloud Security Professional Certificate from Google Cloud
- Google Cloud Networking Professional Certificate from Google Cloud
- Introduction to Blockchain Specialization from Association of International Certified Professional Accountants
Own your work and your career – apply now
Are you willing to take initiative and make decisions? Are you willing to go the extra mile because you love what you do and how you can contribute as a team? Do you want the freedom to grow and the opportunity to take charge of your own career? If so, then come join us.
We want hard working team players. You’ll have the independence to learn, lead and drive change. A culture of extraordinary service, empowerment and stability – that’s the First Republic way. Come join us!
This job description is not intended to be all-inclusive. Employee may perform other related duties as assigned to meet the ongoing needs of the organization. The Company is an equal opportunity employer. In this regard, the Company makes reasonable accommodations for qualified applicants and employees with disabilities in order to enable them to perform all essential job functions, unless doing so creates an undue hardship.
First Republic is subject to federal laws that restrict the employment of individuals with certain types of criminal histories, including FDIA Section 19 and FINRA. To the extent not inconsistent with our obligations under those federal laws and regulations, First Republic will consider qualified candidates with criminal histories in a manner consistent with the Los Angeles and San Francisco ban-the-box laws.