Senior Analyst I- Vulnerability Management

About the OpportunityJob Type: Permanent

Application Deadline: 30 June 2025

Job Description

                                                                                                

Title                 (Vulnerability Management - Senior Analyst I)

Department      (Global Cybersecurity & Information Security)

Location          (Dalian, China)

Reports To       (Technical Manager - Vulnerablity Management)

Level                (Security Analyst - 2)

We’re proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join our Vulnerability Management Team and feel like you’re part of something bigger.

About your team

(The global cybersecurity & Information security(GCIS) department is a part of the Global Technology department.  The Technology function provides IT services to the Fidelity International business, globally.  These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, and marketing and customer service functions.  The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation. )

About your role
(As part of the GCIS group, the Vulnerability Management team is responsible for assessing and reporting on the security posture of FIL’s technology infrastructure, against known threats and vulnerabilities, and according to FIL’s internal policies and standards. The team is responsible for vulnerability scanning/reporting/tracking, patch compliance scanning/reporting/tracking, security event level 1 response, website filtering administration, and infrastructure configuration compliance assessments/reporting and tracking. The successful candidate will be responsible for performing vulnerability management operational tasks. The role includes vulnerability analysis, advisory creation, vulnerability detection, and vulnerability remediation tracking and reporting. The candidate will need to have a good working knowledge of various infrastructure technologies, platforms and operating systems, in order to work with the various technical engineering and support teams on appropriate vulnerability remediation activities. The job role involves the management and operation of various security tools used to detect and report on vulnerabilities across FIL technology infrastructure and applications..)

About you

(Key Responsibilities

•           Deliver - efficiently

•           Triage publicly disclosed vulnerabilities of vendor software/hardware products

•           Identify prioritize and draft mitigation guidance for vulnerabilities impacting FIL.

•           Develop remediation plan along for identified vulnerabilities with platform and application teams

•           Monitor and report the progress on agreed remediation plans.

•           Continuously expand and rationalize the vulnerability scan coverage.

•           Conduct open source research to identify and analyze known and unknown vulnerabilities

•           Analyze known issues with vendor fixes and contact vendor for solution

•           Represent team in different forums.

          Engage - productively

•           With stakeholders for information gathering, sharing and increasing awareness about VM best practices

•           Work with platform / application teams at regular basis to increase sensitivity for addressing vulnerabilities

•           Work proactively with IT Infrastructure partners with for strategic and tactical plans for remediating vulnerabilities

•           Communicate with Subject Matter Experts to determine expected impact and likelihood of loss events

•           Publish easy to understand reports and dashboards.

Experience Required

•  3+ years of diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience.

•  Experience with applying knowledge of Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE) while analysing vulnerabilities and applying contextual risks to the organization under consideration.

•   Understanding of lifecycle of cyberspace threats, attack vectors, and exploitation methods.

•   Knowledge of IT Security best practices and standards (such as CIS, PCI DSS, etc.).

•  Broad knowledge of diverse infrastructure technologies, including various distributed server hardware platforms, operating systems, system software and tools.

•   Hands on experience with vulnerability scanning tools (i.e. Microsoft TVM, Rapid7-Nexpose/InsightVM etc.).

•  Ability to quickly grasp new technology concepts, new infrastructure components and their impact on the overall infrastructure topology.

•  Experience managing vulnerabilities on cloud (AWS /Azure) - cloud security certifications would be an added advantage.

•   Good English communication and presentation skills both verbal and written.

•   Basic understanding of ServiceNow platform.

Desirable qualifications

•           Bachelor’s degree in Computer Sciences or related field

•           Demonstrated ability to work independently and excellent communication skills and problem solving ability.

•           Security related certifications and training (such as CEH/CISSP/Security+) would be advantageous.)

.

Feel rewarded

For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work – finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.

For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.