Sr. Cyber Security Specialist - Threat and Vulnerability Management
Johnston, Rhode Island
You’ll quickly learn that we’re not like other property insurance companies. We’re guided by the belief that most losses can be prevented. So we do everything we can to understand your business needs and reduce your risk.
What makes a successful Candidate at FM Global? Check out the traits we’re looking for and see if you have the right mix.
- Client/Customer Focus
- Decision Quality
- Collaboration and Teamwork
- Ensures Accountability
- Change Agent
- Communicates Effectively
Hear what our employees have to say about working at FM Global
employee since 2008
WHEN YOU'RE INVESTED IN SOLVING CHALLENGES, IT HELPS TO BE WITH A COMPANY THAT INVESTS IN YOUR SUCCESS.
My parents have always instilled in me the concept of working hard, having fun, thinking long term and planning for the future. FM Global is exciting, innovative and dynamic, and with so many professional opportunities here, it's also a company where you can spend your whole career and never get bored. I remember back during one of my initial interviews with FM Global, a manager shared that over 80% of the office staff had been with the company since they graduated college. That kind of longevity is one of the reasons I decided to work at FM Global. I'm proud to work for a company that invests in its employees and trains them to be the best. The willingness to learn is universal, the exposure to knowledge is infinite and the different career paths are endless. The opportunities to think long term don't get much broader.
See how FM Global and East Kentucky Power Cooperative partner to manage boiler and machinery risk.
FM Global Named One of America’s Best Employers by Forbes
Your financial goals are important to us, so we offer retirement programs that reflect local policy and custom.
Your time at FM Global should be valuable and enriching, with plenty of opportunities for skills development and career growth.
Eligible employees participate in an incentive plan based on the company achieving its annual financial goals.
More information about this job:
FM Global is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM Global helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.
FM Global is continuing to invest in cyber security and the Cyber Threat Operations and Engineering team is growing. We are looking for an experienced and dedicated senior level cyber professional to complement our existing team.
The Cyber Threat Operations and Engineering team is responsible for the implementation, operation, maintenance, and growth of technology solutions intended to mitigate cyber security threats. These solutions range from network security technologies like firewalls, URL filters, intrusion detection/prevention systems, advanced threat prevention technologies, and web application firewalls to server and endpoint solutions such as filesystem monitoring, filesystem encryption, vulnerability management and malware detection/prevention agents. This team is also responsible for ensuring that documented standards and processes for all aforementioned capabilities exist and are consistently followed. The right candidate will take pride in the quality of their work, and the effectiveness of the cyber security controls for which they are responsible.
The primary focus of this position is Threat and Vulnerability management. As a security engineer, candidate will assist in providing security oversight to FM Global’s computing environment. Oversight is achieved by monitoring and investigating potential security vulnerabilities and threats as reported by FM Global's security tools; performing security data analytics and staying apprised of potential security challenges through the gathering and processing of cyber intelligence. The position will work closely with other Security Engineers and Information Services personnel to ensure appropriate controls are in place, and to ensure that security policies are being effectively employed.
Common daily tasks include:
- Information Security Threat and Vulnerability Management
- Configuring vulnerability assessment tools, as well as performing scans, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results.
- Approaches for addressing vulnerabilities include system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes.
- Identify and resolve any false positive findings in assessment results.
- Produce metrics and reporting on the state of system security, threat, vulnerability and patch management.
- Design and deliver actionable Information Security dashboards and scorecards.
- Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and support teams.
- Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions.
Secondary responsibilities may include day to day operation and administration of security infrastructure technologies (such as Firewall, AV/EDR, DLP) used to prevent or detect security threats. These operational and systems engineering activities include maintaining and continually advancing the scope and effectiveness of existing security controls as well as responding to incident tickets received from the service desk. Processes change requests and handles escalations from junior team members ensuring resolution of technology issues.
- Bachelor’s Degree in Information Security / Assurance, Computer Science, Information Technology, or a related discipline, or equivalent work experience or technical training with a non-related degree. (Related certifications such as CVA, CISSP, GCIH a plus)
- Minimum of five (5) years of experience in information technology, security administration, business analysis, risk, audit, compliance, computer forensics, network perimeter security or other related discipline.
- Strong verbal and written communication skills.
- Solid Interpersonal skills.
- Ability to coordinate activities with team members and other stakeholders.
- Excellent customer service skills.
- Must have a strong work ethic, great time management skills and a positive attitude.
- Ability to multi-task and change priorities with effective results.
- Strong knowledge of at least one of the following areas: operating systems, databases, systems, networks, application development.
- Strong knowledge of computer vulnerabilities, hacker methodologies and other threats.
- Scripting and API integration experience: Powershell, VB, REST API, Python
- Strong MS Excel and reporting skills required. Experience using PowerBI strongly preferred.
- Ability to leverage various trusted sources of information (articles, webinars, Internet, etc.) to gain accurate knowledge of current security threats, vulnerabilities, mitigating strategies to address them and then recommend and implement appropriate solutions for the FM Global organization.
- Comprehensive understanding of at least one security, technical, or risk discipline.
- Experience working with vendors and resellers, handling vendor/reseller relationships, and bringing available resources to bear to solve problems or realize opportunities.
- Experience managing/leading projects and ability to produce any necessary artifacts.
- Experience with one or more of the following is preferred:
McAfee, Cylance, Bromium, Symantec, Varonis, Vormetric, Tenable, Rapid7, Qualys
- Understanding of controls (e.g. access control, auditing, authentication, encryption, integrity, physical security, and application security).
- Must be well versed in operating systems such as Linux as well as Windows environments, Active Directory, VPN systems, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks and vulnerability and threat management tools (including network based scanners).
- Experience with vulnerability scanners, vulnerability management systems, patch management, and host based security systems. Host Based Security Systems, patch management.