The Senior Cybersecurity Specialist will be a member of a team that focuses on systemic remediation programs such as Application, Infrastructure and Vendor security as well as efforts focused on supporting other cyber policy and operational programs. The goal is to ensure that Enterprise Cybersecurity (ECS) has effective operational, monitoring and oversight processes in place to minimize cyber risk and ensure that gaps are identified and remediated.
Collaborate within a team of cybersecurity professionals that can assess and assist in remediation efforts while holding owners accountable for addressing gaps
Work with the ECS Penetration Test and Red Teams to understand and triage security vulnerabilities identified during a Penetration Test or Red Team campaign (referred to subsequently as AppSec findings)
Identify AppSec finding owner(s), work with Business Unit (BU) and application development teams to remediate or reduce the risk of those vulnerabilities and provide guidance and support to finding owners throughout the remediation process
Ensure solutions and remediation timeframes balance risk, cost, and capacity
Ensure monitoring processes are working effectively; strive for continuous improvement
Partner with the ISO Team to ensure proper escalation and remediation occurs according to policy and commitments
The Expertise You Have and The Skills You Bring
Understanding of Cloud and SaaS security concepts, configurations, and operations.
Exposure to Security Posture Management on SaaS/Cloud/Data/Applications is highly desired.
Bachelor's degree in a technology discipline (Cybersecurity/Computer Science/IT).
Proven knowledge of cybersecurity concepts, security controls, policy, risk management, and common application security vulnerabilities
Understanding of Vulnerability Remediation
Working knowledge of on-prem and cloud (AWS and/or Azure) environments and their key components
Understanding of Compensating Controls and when to apply them
Balance and drive multiple responsibilities and bodies of work across multiple teams
Familiarity and/or practical experience with API security concepts
Secure Application Development and Architecture
Security testing tools and frameworks
Preferred Skills
Cybersecurity certifications: CISSP, CISM, Security+ and similar credentials
Security-centered knowledge of at least one leading SaaS platform (e.g. M365, Salesforce, ServiceNow, Snowflake).
Programming knowledge in Python or equivalent
Experience with DevOps
Knowledge of third-party governance, risk & compliance tools, processes and systems
Web application development experience
Understanding of security tools and reference guides (Burp Suite, ZAP, OWASP Top 10)
Security operations experience
Enterprise-centric project management experience; PMI or Agile certification
Familiarity/experience with developing Business Intelligence for Security data
The Team
The Cyber Remediation team oversees the remediation of foundational or systemic cybersecurity policy, program, or risk standards and monitors for drift over time. We are part of the Cyber Operations & Analytics unit within Enterprise Cybersecurity and partner with each area to ensure an improved risk posture across the cyber environment, reducing the security risk to Fidelity Investments and ensuring our customers can depend on us to lead the industry in securing the valuable information and financial assets they trust us to protect. Together, we can and do make a difference.