Principal Technical Risk Analyst – 1200601
Company: Fidelity Investments
Location: Merrimack, New Hampshire
Posted on: February 3, 2012
Job Description:

Position Overview: Under the direct supervision of Director, Technology Risk, will serve as the security group's liaison for the firm-wide application security program by representing the security group to various business units and development teams, including external third-party vendors. Will be responsible for the penetration testing and security evaluation of multiple products and platforms (e.g., Web applications, mobile applications and platforms, wireless infrastructure, sensor network infrastructure). Will be responsible for architecture and technical design contributions to the core vulnerability tracking tool in use by the security group. Will provide valuable risk management support to clients. Will participate in the evaluation, development and implementation of security products, standards, procedures and guidelines for multiple platforms and diverse systems environments (company-wide, distributed, Client Server systems, and e-applications). Will provide valuable intelligence on application security metrics to inform management decisions.

Primary Responsibilities:
• Recommend actions that would normally prevent serious vulnerabilities from existing in production code.
• Work within all business units to provide guidance to business and systems personnel on vulnerability mitigation.
• Influence business and systems personnel to implement and maintain acceptable levels of controls around change to safeguard assets and reputation.
• Investigate deviations from control procedures or violations of change policies, procedures, or practices and recommend remediating actions.
• Provide accurate and timely management and business unit reporting, including metrics that measure KPIs.
• For each service offered by the security group in question, contribute to the service level agreement definition; definition of level of quality; and adoption of meaningful metrics to measure the quality of these services.
• Build collaborative relationships across the enterprise to solicit feedback on the level of service provided.
• Evangelize and promote adoption and development of an efficient shared set of common services and components.
• Work with many of Fidelity's business units, including retail brokerage, 401k, and institutional brokerage, to provide authentication solutions enabling critical transactions like trading, bill pay, and money movement.
• Manage and communicate identified risks to the affected business units.
• Research emerging vulnerabilities in the mobile application space and share this knowledge with the security group and the enterprise.

Requirements: Bachelor of Science degree in Engineering, Information Systems, Computer Science, Mathematics (willing to accept foreign education equivalent) as well as 5 years of experience in job offered or 5 years of experience in network and application development of online financial transaction processing and trading applications, or in the alternative, MS (or foreign education equivalent) in Engineering, Information Systems, Computer Science, Mathematics and 2 years of experience in job offered or 2 years of experience in network and application development of online financial transaction processing and trading applications. Also requires experience with: Demonstrated Expertise (DE) in penetration testing of: internal and external web applications using vulnerability scanners (NMAP, Nessus), intrusion testers (Core Impact, Metasploit) and web application scanners (AppScan); mobile applications for the Android and iOS platform; and network infrastructure, including sensor networks; DE in data analysis, manipulation and mining within an Oracle environment; DE in integration of application security within an Agile development environment. Fidelity Investments is willing to accept a suitable combination of education, training and experience to satisfy the requirements.

To apply, visit http://jobs.fidelity.com and search for Job Number 1200601.
Keywords: Fidelity Investments, Boston, Principal Technical Risk Analyst – 1200601, Finance, Merrimack, New Hampshire, Massachusetts