Senior Cybersecurity Analyst

Job Description:

This is a cybersecurity role in the Application and Infrastructure Security Product Area within the Enterprise Cybersecurity business unit. Fidelity has hundreds of applications on the Internet that make hundreds of releases a month to production. These applications are the main point of interaction that our 40M+ customers have with Fidelity. It is crucial to Fidelity's reputation, and our customers’ livelihoods, that these applications are secure. This role is part of the Secure Developer Empowerment team who coordinate our security champions program which seeks to scale cybersecurity initiatives throughout the enterprise by training and empowering a select group of developers to improve their cybersecurity knowledge and skills and help them deliver more secure applications

The Expertise & Skills You Bring

• Strong experience in software engineering and development, with a focus on secure coding practices.
• Solid understanding of common application security vulnerabilities, such as OWASP Top 10, and experience with secure coding frameworks and guidelines.
• Excellent technical writing skills and presentation skills
• Proficient in programming languages such as Java, NodeJS, or Python.
• Familiarity with security tools and technologies, including static code analysis, security testing, and vulnerability scanning.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with diverse teams and stakeholders.
• Strong leadership and mentorship abilities to guide and inspire Security Champions.
• A proactive approach to problem-solving and a willingness to stay updated on emerging security threats and industry trends.

The Value You Deliver

• Develop and contribute to the implementation of the Security Champions Program, including designing the structure, objectives, and ongoing activities.
• Support the creation and delivery of hands-on application security training
• Build out a scalable framework for providing technical guidance to development teams to help enable them to build secure code at an increased time to market
• Provide training and mentorship to Security Champions to enhance their knowledge and understanding of secure coding practices, vulnerability identification, and incident response.
• Foster a culture of security awareness by organizing regular workshops, training, and other educational initiatives.
• Act as a liaison between security teams and engineering teams, ensuring effective communication and alignment of security objectives.
• Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices, and proactively integrate them into the Security Champions Program.
• Collaborate with stakeholders to establish metrics and measurements to evaluate the effectiveness of the program and drive continuous improvement.
• Actively participate in security incident response and contribute to the development of incident response playbooks.
• Help conduct security assessments to identify potential vulnerabilities and recommend remediation actions.
• Work closely with cross-functional teams to integrate security tools and processes into the software development lifecycle.
• Collaborate with engineering teams to identify and recruit Security Champions from different functional areas.

Category: