Lead, Security Engineer V&CM

OVERVIEW

The Company

U.S. Financial Technology (U.S. FinTech) is seeking an experienced Lead, Security Engineer Vulnerability and Configuration Management to join our team of talented professionals. This is a full-time remote opportunity. 

U.S. FinTech built and operates the largest and most advanced mortgage securitization platform in the world, supporting the Uniform Mortgage-Backed Security (UMBS) of Fannie Mae and Freddie Mac.

Supporting 70% of the mortgage-backed securities in the market, U.S. FinTech provides best-in-class single-family issuance, bond administration, disclosure, and tax services. We support a broad portfolio of products for our clients with full lifecycle management.

Our market-leading, cloud-based, end-to-end platform executes transactions on an extraordinary scale which has bolstered liquidity in the secondary mortgage market, one of the largest and most important financial markets in the world. Our unique approach to securitization combines the best minds in financial services with the know-how, flexibility, and innovation of leading technologists.

RESPONSIBILITIES

Job Information

The Lead Vulnerability and Compliance Analyst main responsibilities would be to act as a Subject Matter Expert for all programs within the VCM space. This would include conducting comprehensive vulnerability assessments using tools such as Wiz and Tenable. Leverage strong analytical and problem-solving skills to identify weaknesses in US FinTech’s IT Infrastructure. Communicate findings effectively, via reports/meetings to prioritize vulnerability remediation. Utilize the developed processes to track, prioritize, and ensure remediation of found vulnerability and compliance issues. Continuous monitor US FinTech infrastructure for Vulnerability and Compliance related issues. Make Improvements to monitors, scans, dashboards, and reporting. Ability to work independently and in a team environment, collaborate effectively with other InfoSec Teams and IT Infrastructure teams. Eager to learn and adapt to emerging cloud technologies and tools in a fast-paced environment.

Key Job Functions

• Vulnerability Assessment
• Act as a Subject Matter Expert for the VCM program, processes, and tooling.
• Configure, tune, and maintain vulnerability management tools
• Work with Security Architecture on new build outs, new business, new technologies, new environments to ensure coverage of VCM programs, processes, and tooling.
• Build out new Security baselines for CIS, DISA STIG, and custom baselines.
• Correlate Vulnerabilities with threat intelligence to assess exploitability and risk. Work with Cyber Security Operations Center to ensure mitigations are in place while vulnerabilities are being remediated
• Provide detailed risk assessments for discovered vulnerabilities.
• Enforce remediation timelines in accordance with Standard Operating Procedures.
  • Remediation Tracking & Reporting
• Collaborate with IT and DevOps teams to ensure timely remediation of vulnerabilities
• Conduct regular and ad-hoc vulnerability scans using tools like Wiz or Tenable
• Integrate tools with all cloud environments. Ensure complete coverage of all IT environments.
• Ensure alignment with internal security policies, regulatory requirements (NIST/SOC), and industry best practices.
• Support audits and assessments by providing evidence and documentation.
  • Stakeholder Engagement
• Act as a liaison between security, IT, development, and risk teams
• Provide clear, actionable recommendations tailored to technical and non-technical audiences.
  • Mentor Junior Analysts
• Provide guidance and training to junior members of the VCM team.
  • Process Improvements
• Identify potential gaps in the vulnerability or compliance management programs and propose improvements.
• Develop and maintain Standard Operating Procedures, Frameworks, and Job Aids/HowTos.

QUALIFICATIONS

Education   

• Bachelor's Degree or equivalent required.BA/BS degree in Computer Science, Information Systems, Cyber Security or a related technical field. Master’s Degree is a plus.

Minimum Experience  

• Minimum of 7 years of experience with security engineering and operations, as well as experience managing and supporting large, complex mission-critical systems and with Vulnerability management tools, patching processes and tools, VM operation/workflow, or configuration/Baseline/File-integrity monitoring applications and processes.
• Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. U.S. FinTech does not offer H-1B sponsorship for this position.

Specialized Knowledge & Skills     

• Subject matter expert of cloud based critical infrastructure systems and security threats for these systems (AWS Cloud experience required)
• Subject matter expert with cyber security in the domains of vulnerability and compliance management.
• Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, understanding of attacks, and determination of countermeasures.
• Subject matter expert of network and system vulnerabilities, malware, networking protocols, multi-tiered applications, and attack methods to exploit vulnerabilities.
• Experience in senior technical security role, including network security, operating system security, Internet or Web security, and vulnerability testing.
• Strong knowledge of networking fundamentals such as TCP/IP and basic packet analysis, network engineering, and local and wide area (LAN/WAN) technologies and topologies.
• Must have experience conducting comprehensive vulnerability assessments with vulnerability monitoring tools (Wiz and Tenable).
• General knowledge and experience in Windows / Linux Operating Systems, baseline security configurations, audit, forensics, Patch Management for these OSs.
• Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials.
• Be able to work in fast paced environment with occasional on-call activities.
• Excellent interpersonal skills, presentation skills, and verbal / written communication skills.
• Self-starter; adaptable to change; motivated to set personal and program goals and pro-actively track performance against goals and initiatives.
• Ability to manage multiple priorities – projects, deliverables, and stakeholders.
• Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives.
• Active in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies.
• AWS Security, AWS Architect certifications desired.

Pay Range $156,500  to $181,000

U.S. FinTech's pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) a candidate’s qualifications, skills, competencies, and experience, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law. U.S. FinTech offers a competitive total compensation package, which includes a performance bonus, 401k match, healthcare coverage, PTO, and a broad range of other benefits.

Employment

As a condition of employment with U.S. Financial Technology, any successful job applicant will be required to  successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.   

U.S. Financial Technology is an Equal Opportunity Employer.

##LI-Remote