Senior Security Analyst – Manchester or Warsaw

OverviewFitch Group is a leading, global financial information services provider delivering vital credit and risk insights, robust data, and dynamic tools to champion more efficient, transparent financial markets. With over 100 years of experience and colleagues in over 30 countries, Fitch Group’s culture of credibility, independence, and transparency is embedded throughout its structure, which includes Fitch Ratings and Fitch Solutions. With dual headquarters in London and New York, Fitch Group is owned by Hearst. Fitch’s Technology & Data Team is a dynamic department where innovation meets impact, including the Chief Data Office, Chief Software Office, Chief Technology Office, Emerging Technology, Shared Technology Services, Technology, Risk and the Executive Program Management Office (EPMO). Driven by investment in cutting-edge technologies like AI and cloud solutions, Fitch is home to a diverse range of roles and backgrounds united by a shared passion for leveraging modern technology to drive projects that matter to our organization and clients. We’re recognized by Built In as a Best Place to Work in Technology for three years in a row. Whether you’re an experienced professional or just starting your career, Fitch offers an exciting and supportive environment where you can grow, innovate, and make a difference.What You’ll Be Hiring ForFitch is currently seeking a Senior Security Analyst based out of our Manchester or Warsaw office. We are seeking a Senior Security Analyst to join our Vulnerability Management team. The successful candidate will have experience in Application Security and be ready to branch out to vulnerability management across a landscape of application, infrastructure, cloud, and special assessment security observations. This role will be responsible for identifying, assessing, and managing vulnerabilities across our technology landscape. This role involves working closely with infrastructure, application, and cloud engineering teams to provide recommendations for remediating security observations and ensuring timely remediation of security risks and alignment with industry best practices and regulatory requirements.ResponsibilitiesUse existing tools to conduct automated vulnerability assessmentsInterpret and risk assess scan results from software applications, cloud resources, and infrastructure systemsCollaborate with various teams within Fitch to assist with prioritization of vulnerabilities and ensure remediation occurs within the expected timelinesEnsure all detected vulnerabilities, whether from manual or automated testing, are logged and tracked in a ticketing system to facilitate remediation, leadership metrics reporting, and audit readinessBring an AI-first mindset; identify and act upon opportunities to automate vulnerability analysis and prioritization, as well as administrative tasks, while improving the quality of the output to help developers achieve remediation more easilyPerform validation testing of remediated vulnerabilities using automated testing tools and manual testing techniques such as Python scriptingResearch and analyze vulnerabilities to determine their true risk to Fitch, considering exploitability, asset exposure, business impact, and compensating controlsApply cyber risk quantification techniques to analyze vulnerability severitiesCreate and maintain metrics and dashboards using data from the ticketing system or other sources to support reporting to various stakeholders across FitchAssist with security audits and compliance initiatives related to vulnerability managementYou May Be a Good FitProven experience with managing vulnerabilities from automated scanning tools (e.g., SAST, DAST, SCA platforms such as Checkmarx, Veracode, SonarQube, Fortify, Burp Suite, OWASP ZAP, Black Duck, Snyk, etc.)Strong ability to research and analyze vulnerabilities to determine true risk to the organization considering exploitability, asset exposure, business impact, and compensating controlsAbility to perform manual source code reviews with application developersDemonstrated skill in applying cyber risk analysis to prioritize vulnerabilitiesExperience, either in personal life or on the job, leveraging AI-powered security tools or platformsExcellent English language communication skills for both technical and non-technical audiences, with the ability to collaborate across teams and present findings clearlyWhat Would Make You Stand OutExperience in application security, automated scanning tools, cloud applications, reviewing web application penetration testing results, and infrastructure vulnerability scanning conceptsExperience working with security-related and secure coding regulatory requirements and frameworks, including DORA, NIST, ISO 27001 and other standards relevant to financial servicesFamiliarity with audit processes and the ability to translate and respond to client and auditor inquiries related to vulnerability management clearly and accuratelyExperience using Power BI or similar tools to build dashboards and visualizations from Jira or other data sourcesCertifications such as:General security: CISSP, Security+, GSECCloud security: AWS Certified Security – Specialty, Azure Security Engineer Associate, GIAC Cloud Security Essentials (GCLD), GIAC Public Cloud Security (GPCS)Vulnerability management: CompTIA CySA+, GIAC GCIH, CSSLP (Certified Secure Software Lifecycle Professional), GWAPT (GIAC Web Application Penetration Tester), or equivalentDegree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent professional experienceWhy Choose FitchHybrid Work Environment: 2 to 3 days a week in office required based on your line of business and locationA Culture of Learning & Mobility: Dedicated trainings, leadership development and mentorship programs designed to ensure that your time at Fitch will be a continuous learning opportunityInvesting in Your Future: Retirement planning, financial wellness and tuition reimbursement programs that empower you to achieve your short and long-term goalsPromoting Health & Wellness: Comprehensive healthcare offerings that prioritize a healthy body & mindSupportive Parenting Policies: Family-first policies, including a generous global parental leave plan, designed to help you balance career and family life effectivelyDedication to Giving Back: Paid volunteer days and support for community engagement initiativesFor more information please visit our websites. Fitch is committed to providing global securities markets with objective, timely, independent and forward-looking credit opinions. To protect Fitch’s credibility and reputation, our employees must take every precaution to avoid conflicts of interests or any appearance of a conflict of interest. Should you be successful in the recruitment process at Fitch Ratings you will be asked to declare any securities holdings and other potential conflicts prior to commencing employment. If you, or your immediate family, have any holdings that may conflict with your work responsibilities, you may be asked to divest yourself of them before beginning work. Fitch is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law. #J-18808-Ljbffr