A Japanese leading financial service company is looking for an experienced Security Analyst (Vulnerability Management) in its Tokyo, office. The successful candidate will be working at management of shared service team at the group Security Control Department. The team needs to deliver two main tasks as below.
The Vulnerability Analyst role sits inside the SOC and Reporting function whose role is to oversee the effective operation of security controls. Most of this effort is towards the actual operation of shared security capabilities delivered through centrally run services. These are centered around vulnerability management, asset management, logging & monitoring and awareness training.
As the technical lead for an area that exists as a Global Shared Service, the expectations of the role also extends to the deployment and evolution of the vulnerability management capability and standard tooling. This includes supporting the primary technical expert in driving further integration of the globally standard service and ensuring the correct integration and ongoing operation of the tooling.
The Vulnerability Management Analyst will be responsible for overseeing the vulnerability identification tooling across the globally via the deployment of a collection of tools that actively monitor thousands of endpoints worldwide.
- Manage the toolset to drive the execution of the Vulnerability PKIs
- Ensure that the toolset is generating the expected visibility on vulnerability information
- Create a global visibility of vulnerabilities: Collect the output and form meaningful reports
- Integrate toolsets that exist in established businesses with the global toolset to deliver a unified view on vulnerabilities across the business (e.g. GRC and SEIM tooling)
- Advise and guide remediation activity
Note that this role is NOT designated to simply finding vulnerabilities. Rather, to coordinate a sustained program of activity to identify, categorize, report and oversee the remediation of a constant pipeline of new issues uncovered.
The role of the Vulnerability Management Analyst will be to tune the scope and nature of regular assessments in order to identify whether or not known weaknesses exist. Once identified, to evaluate their impact, assign remediation and track the progress of the remediation itself (including reporting on specific and overall performance towards this goal).
【Duties and Responsibilities】
- Work under the direction of the Director of SOC and Reporting function
- Manage effective working relationships with all stakeholders and customer organizations
- Ensure flexible, efficient and cost-effective vulnerability management strategies are defined
- Ensure effective team working relationships within all areas of the IT group.
- Advise (based on vulnerabilities detected) on technical and operational means to address the matter as well as the underlying problem that caused it
- Be capable of creating functional reports to foster understanding of the situation as well as help drive meaningful change
- Provide support to the audit or compliance team with regards to the demonstration of the vulnerability management controls that are in place and also supporting any investigation that require information contained in the platform
- Engaging various teams locally and abroad, ensuring collaboration towards vulnerability assessment and treatment
【会社概要 | Company Details】
Founded as a leasing company, a major Japanese financial services company that is constantly growing, creating new value and new markets through finance and services.
【就業時間 | Working Hours】
9:00 - 18:00（Mon - Fri）
【休日休暇 | Holidays】
Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
【待遇・福利厚生 | Services / Benefits】
Social insurance, Commuting allowance, No indoor smoking (designated smoking area) etc.
- A clear understanding of on-premises and cloud-oriented Vulnerability Management and Endpoint security technology, managed services and management practices
- Working knowledge with Rapid7, Qualys, ServiceNow
- A strong understanding of vulnerability rating and cataloging standards (such as CVEs)
- A very strong technical background especially in matters of server, endpoint and network infrastructure configuration.
- A practical approach to security whereby both the technical objectives as well as the functional and economic impacts are considered towards effective outcomes
- Good communication skills (written and verbal) to be capable of engaging both technical and operational staff and vendors in explaining findings and required actions
- Sound knowledge of business operational processes with regards to change management, operational management and quality control.
- Demonstrated understanding of technically implementing controls in cloud platforms (IaaS, PaaS), 3rd party SaaS providers, 3rd party vendors as well in on premises data centers, office environments and mobile workforces.
- Security Certifications: GIAC, CEH, CompTIA Securityy+, CISSP, CISA, CISM, CREST, SABSA and CSA ▪