Who Are We Looking For?

The Vestwell CyberSecurity team is looking for an experienced, meticulous and detail-oriented security analyst to be responsible for monitoring the security systems in our organization. The security analyst's responsibilities include securing our infrastructure, filtering for suspicious activity, and finding and mitigating security risks before any breaches can occur. You will work inter-departmentally to identify and correct any flaws in our security systems.

You should have a sound working knowledge of cybersecurity, including intrusion prevention and incident response. You should be detail oriented with strong analytical skills and have good communication, interpersonal, and leadership skills.

What Will You Be Doing?

Manage all day-to-day activities within the Security organization. This would include:

• Management of Anti-Virus and Anti-Malware solutions like CrowdStrike.
• Monitoring and alerting management.
• Confirm infrastructure has most recent patches, updates and libraries.
• Management of 1Password
• Management of vaults and user access for both passwords and keys
• Management of KnowBe4
• Phishing tests and training and response.
• Develop ongoing security posture improvements.
• Evaluate existing and new tooling to confirm customer PII and sensitive corporate data is protected.
• Management of Nightfall DLP solution.
• Evaluate existing Detection Rules.
• Implement detection rules based on growth of the Vestwell platform.
• Action against alerts triggered for DLP leakage.
• Work closely with Engineering to provide guidance and advice on industry best practice security.
• Authentication & Authorization
• Work with stakeholders to continue evolving the A&A platforms at Vestwell to adhere to industry standards and Vestwell growth.
• Support responses to DDQ's or Risk Questionnaires that come in from potential customers.

Day to Day, You May Also Be Expected To:

• Work closely with Legal and Compliance teams to evaluate and improve policies.
• Work closely with the CorpIT team to evolve the onboarding and offboarding process with a focus on Security.

Requirements

The Necessities

• Professional experience in computer science, programming, or related field.
• Professional experience working in computer systems with some specialization in computer security.
• The ability to manage competing deadlines.
• Excellent verbal and written communication skills, interpersonal, and teaching skills.
• Ability to anticipate, analyze, and problem-solve
• The ability to remain current on the latest technology and best practices in information security.
• Proficient, or able to gain proficiency with, a broad array of security software applications and tools.
• Thorough understanding of computer-related security systems including firewalls, encryption, and password protection and authentication.
• Experienced with penetration testing and techniques.
• Understand patch management.

The Extras

• Advanced training certifications may be advantageous.
• CISSP
• Training or experience with SOC audits.
• Training or experience with Financial Regulatory Audits/Compliance (ERISA, SEC, etc.)