Principal Technology Risk Analyst - 1606043
Company: Fidelity Investments
Location: Merrimack, NH
Posted on: June 17, 2016
Job Description:
Duties: Serve as a member of Enterprise Cybersecurity (ECS)
Penetration Testing (Pen Test) team. ECS Pen Test's mission is to protect
Fidelity's assets, brand and our customers, from identifying
vulnerabilities in our systems and gaps in our processes through enabling business
units to resolve these vulnerabilities, in a positive, collaborative,
innovative environment. The Principal Technology Risk Analyst will provide
technical leadership to the team, mentoring to new members, and business
partnership to internal business units. Will be responsible for leading
and conducting penetration testing and security evaluations of
multiple products and platforms (Web applications, mobile applications
and platforms, wireless infrastructure, sensor network
infrastructure); serving as the designated internal Subject Matter Expert (SME) for web
security and Android mobile security; creating technical documentation and
performing hands-on assistance for onboarding new members; and working with
internal business units to enable them to efficiently fix security
findings.

Primary responsibilities:
• Develop technical solutions for streamlining and maximizing automation of security testing.
• Lead the evaluation, development and implementation of security products, standards, procedures and guidelines for multiple platforms and diverse systems environment (e.g., company-wide, distributed, Client Server systems, and e-applications).
• Lead and perform penetration tests on web applications and mobile applications to identify security vulnerabilities, including cross-site scripting, cross-site request forgery, SQL injection, information leaking, session mismanagement, authorization vulnerabilities and information leakage.
• Develop and publish penetration testing guidance pertaining to the development, implementation and support of technology solutions.
• Provide intelligence on application security metrics to inform management decisions.
• Provide risk management support and vulnerability remediation training to clients.
• Provide mentoring and onboarding training to new members of the team.

Requirements: Bachelor’s degree (or foreign education
equivalent) in Engineering, Information Systems, Information Technology,
Computer Science, Mathematics, a Physical Science discipline or a closely related
field and five (5) years of experience in the job offered or five (5)
years of experience in network and application development within a
financial services environment; or, alternatively, Master’s degree (or
foreign education equivalent) in Engineering, Information Systems,
Information Technology, Computer Science, Mathematics, a Physical Science
discipline or a closely related field and three (3) years of experience in the
job offered or three (3) years of experience in network and
application development within a financial services environment. Candidate
must also possess: Demonstrated Expertise (DE) in penetration testing of:
internal and external web applications using vulnerability scanners
(NMAP, Nessus, SQLMap), intrusion testers (Core Impact, Metasploit) and web
application scanners (AppScan, Burp Suite Pro); mobile applications for the
Android (MobSF, drozer, adb) and iOS platform; and, network
infrastructure, including sensor networks; DE in data analysis, manipulation and
mining within an Oracle environment; DE in integration of application
security within an Agile development environment; DE in enterprise web
application development.

To apply, visit http://jobs.fidelity.com and search for Job Number 1606043.