Senior Analyst I - VAPT

As one of the world’s leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world.

If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day!

Job Description

Team:

The team comprises of 4 people, performing vulnerability assessments against the various infrastructure and networks on prem and cloud.

Role:

This role will perform vulnerability assessments against risk-prioritized infrastructure and applications. This position will serve as a security subject matter expert working with technology, and business partners in managing vulnerabilities and implementing adequate security controls to protect Invesco data and network.

You Will Be Responsible For:

• Perform vulnerability assessment on various types of technologies and infrastructure using tools (preferably Qualys). This may include:
  • Network infrastructure and wireless networks
  • Servers, platforms, containers, hosting infrastructure and services
  • Application technologies (APIs, middleware, database, enterprise service bus, etc.)
  • Cloud security controls and applications
  • High value assets and critical infrastructure
• Review and analyze security vulnerability data to identify applicability and false positives.
• Assist with ongoing assessment of Invesco perimeter assets to identify exposures and weaknesses.
• Assist with red team assessments to identify security exposures and to evaluate effectiveness of security controls and response.
• Assist with producing high-quality papers, presentations, recommendations, and findings for Senior Level Management and Enterprise Technology Leaders
• Execute vulnerability triaging, escalation, and management workflows through innovation and continuous improvement.
• Provide internal remediation support through the design, implementation and integration of network infrastructure and information security controls.
• Participate in vulnerability management projects. Track deliverables and provide periodic updates to the leadership team. Escalate security and projects risk timely.
• Respond appropriately to cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody.
• Have a thorough understanding of technological requirements for Invesco’s systems and provide guidelines to effectively mitigate security risks.
• Have understanding on security compliance and can perform compliance scans through various tools on the IVZ Infrastructure.
• Review/Analyze the compliance scan reports and help the teams in the remediation activities.
• Respond timely to ServiceNow tickets as needed.
• Keep current with industry best practices.
• Other duties as assigned.

The Experience You Bring:

• Five plus years of Information Security or relevant experience
• Three plus years of Pen Testing or Vulnerability Assessment experience.
• Cloud vulnerability assessment or pen testing experience preferred
• Experience with security issues in large networks
• Able to demonstrate experience, knowledge and skills in utilizing common penetration testing and vulnerability assessment tools and techniques
• Hands on experience with firewalls, routers, bridges, switches and gateway devices, appliances and software
• Knowledge of security industry best practices (e.g. SANS, NIST, CIS)

Technical Skills Required:

• Good understanding of security controls and common threats and vulnerabilities
• Knowledge of penetration testing frameworks
• Knowledge of security industry best practices (e.g. SANS, NIST, CIS)
• Understanding of common penetration testing methodologies (e.g. OSSTMM, OWASP)
• Ability to write scripts/tools to assist in automation is preferred
• Understanding of encryption technologies and common network protocols
• Ability to review and analyze security vulnerability data to identify applicability and false positives
• Patch management technologies and processes
• Wireless protocols and services
• Sound understanding of security principles, such as infrastructure security, identity and access management, vulnerability management, and secure coding.
• A keen analytical mind for problem solving, abstract thought, and offensive security tactics.

License / Registration / Certification:

Preferred certification: Security +, Qualys VM certification, Pentest +, AWS Cloud Practitioner

Full Time / Part Time

Full time

Worker Type

Employee

Job Exempt (Yes / No)

No

Workplace Model

At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office. 

Why Invesco

In Invesco, we act with integrity and do meaningful work to create impact for our stakeholders. We believe our culture is stronger when we all feel we belong, and we respect each other’s identities, lives, health, and well-being. We come together to create better solutions for our clients, our business and each other by building on different voices and perspectives. We nurture and encourage each other to ensure our meaningful growth, both personally and professionally. 

We believe in diverse, inclusive, and supportive workplace where everyone feels equally valued, and this starts at the top with our senior leaders having diversity and inclusion goals. Our global focus on diversity and inclusion has grown exponentially and we encourage connection and community through our many employee-led Business Resource Groups (BRGs).  

What’s in it for you? 

As an organization we support personal needs, diverse backgrounds and provide internal networks, as well as opportunities to get involved in the community and in the world. 

Our benefit policy includes but not limited to: 

• Competitive Compensation 
• Flexible, Hybrid Work 
• 30 days’ Annual Leave + Public Holidays 
• Life Insurance 
• Retirement Planning 
• Group Personal Accident Insurance 
• Medical Insurance for Employee and Family 
• Annual Health Check-up 
• 26 weeks Maternity Leave 
• Paternal Leave 
• Adoption Leave 
• Near site Childcare Facility 
• Employee Assistance Program 
• Study Support 
• Employee Stock Purchase Plan 
• ESG Commitments and Goals 
• Business Resource Groups 
• Career Development Programs 
• Mentoring Programs 
• Invesco Cares 
• Dress for your Day 

In Invesco, we offer development opportunities that help you thrive as a lifelong learner in a constantly evolving business environment and ensure your constant growth. Our AI enabled learning platform delivers curated content based on your role and interest. We ensure our manager and leaders also have many opportunities to advance their skills and competencies that becomes pivotal in their continuous pursuit of performance excellence. 

To know more about us 

About Invesco: https://www.invesco.com/corporate/en/home.html 

About our Culture: https://www.invesco.com/corporate/en/about-us/our-culture.html 

About our D&I policy: https://www.invesco.com/corporate/en/our-commitments/diversity-and-inclusion.html 

About our CR program: https://www.invesco.com/corporate/en/our-commitments/corporate-responsibility.html 

Apply for the role @ Invesco Careers: https://careers.invesco.com/india/