Associate, Vulnerability Management
1 Enterprise Drive-Quincy-Corp, United States
Full Time Mid-level / Intermediate USD 80K - 132K
Santander
Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair.
Your Journey Starts Here:
Santander is a global leader and innovator in the financial services industry. We believe that our employees are our greatest asset. Our focus is on fostering an enriching journey that empowers you to explore diverse career opportunities while nurturing your personal growth. We are committed to creating an environment where continuous learning and development are prioritized, enabling you to thrive both professionally and personally. Here, you will find ample opportunities to connect and collaborate with talented colleagues from around the world, sharing insights and driving innovation together. Join us at Santander, where you are supported by a culture of engagement and a commitment to your success.
An exciting journey awaits. If you are interested in exploring the possibilities, We Want to Talk to You!
The Difference You Make:
The Associate, Information Security designs, implements and monitors Financial/Accounting/Operational processes. The incumbent is responsible for detecting threats and vulnerabilities in target systems, networks, and applications by conducting systems, network and web vulnerability assessment / security testing. The Consultant, Information Security identifies the security flaws and weaknesses in the systems that can be exploited to cause business risk, and provides crucial insights into the most pressing issues, suggesting how to prioritize security resources.
- Conducts Penetration Testing (e.g., internal, external, wireless, physical, social, etc.); post vulnerability assessment, works with various stakeholders to provide remediation to the identified risks and bring the same to closure.
- Conducts walk-through of the assessment report to the stakeholders and helps define the remediation plan.
- Follows a standard methodology to identify and/or detect threats to the IT infrastructure, applications and other information assets.
- Works with various teams to follow a pre-assessment plan and assessment schedule for every assessment, conduct threat assessment, and deliver an assessment report.
- Performs technical security assessments (e.g., Windows, UNIX, firewalls, routers, Oracle, SQL Server, etc.).
- Performs web application security assessments (e.g., exploiting web app vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, session hijacking, etc.).
- Conducts vulnerability assessment on the target IT Infrastructure, applications and related information assets.
- Directs managers and a senior technical team to deliver security change in a global organization
- Provides direction and acts as an escalation point on projects and issues to other team members
- Interacts with partners as needed to explain work product, security techniques, methodology and results to ensure appropriate business value
- Acts as senior resource for incident response related activities. Collaborates with technical teams for security incident remediation and communication.
- Acts as influencer of peers and management.
- Oversees management and deployment of security infrastructure including Vulnerability Management, WAF, Network Monitoring, Logging correlation, DDoS prevention and IPS/IDS.
- Provides technical security consulting support to address complex business and technology projects and requests.
- Contributes to strategic planning to evaluate, deploy or update security technologies.
- Analyzes and implements security solutions to meet customer requirements.
- Conducts risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
- Promotes cross-department collaboration and communication to ensure appropriate processes, procedures and tools are installed, monitored, and effectively operating and alerting
- Allocates and prioritizes security resources efficiently within the organization managing both resources and budgets
- Conducts security research on threats and remediation methods.
- Develops and maintains a set of operational and forward-looking security metrics
- Conducts proof of concepts and vendor comparisons, and recommends solutions in line with business requirements
- Oversees daily monitoring of security reports to identify issues and follow these issues to resolution
- Oversees security projects and the security testing of new and existing applications.
- Prepares system security reports by collecting, analyzing, and summarizing data and trends; presents reporting for management review.
What You Bring:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Bachelor's Degree or equivalent work experience: Computer Science or equivalent field.
5+ Years Experience in information security, governance, IT audit, or risk management.
5+ Years SAS experience.
- Experience with risk assessments and compliance with major regulatory initiatives (e.g. SOX, GLBA).
- Bilingual in English/Spanish is a plus.
- Protects the Company, customers and employees by mitigating and identifying technology threats to Santander.
- Create a vulnerability scanning schedule and perform scans on a periodic and on an ad hoc basis to identify vulnerabilities.
- Conducts vulnerability assessment on the target IT Infrastructure, applications and related information assets.
- Build a monthly scan plan for the vulnerability scanning team to ensure that vulnerability scans are performed on all assets noted in Configuration Management Database (CMDB).
- Identify vulnerabilities to be analyzed and prioritized based on the Common Vulnerability Scoring System (CVSS)
- Identify and monitor threats and vulnerabilities using threat intelligence.
- Experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.).
- Working knowledge of security systems or tools such as Qualys/Nessus and systems management tools such as Microsoft SCCM, Red Hat Satellite, ServiceNow (SNOW)
- Possess the ability to perform in a continuously dynamic environment.
- A hunger to learn and take on challenging opportunities contributing to the success of information security team.
- Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple tasks and projects.
- Proven ability to work in a team environment.
- Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
It Would Be Nice For You To Have:
Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.
What Else You Need To Know:
The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.
Base Pay Range
Minimum: $80,625.00 USD
Maximum: $132,500.00 USD
Link to Santander Benefits:
Santander Benefits - 2025 Santander OnGoing/NH eGuide (foleon.com)
Risk Culture:
We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.
EEO Statement:
At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.
Working Conditions:
Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and/or furniture may be required.
Employer Rights:
This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.
What To Do Next:
If this sounds like a role you are interested in, then please apply.
We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at TAOps@santander.us to discuss your needs.
Tags: Application security Audits Compliance Computer Science CVSS DDoS Firewalls GLBA Governance IDS Incident response IPS IT infrastructure Monitoring Nessus NIST Oracle Pentesting Qualys Red Hat Risk assessment Risk management Scripting Security assessment SOX SQL SQL injection SQL Server Threat intelligence UNIX Vulnerabilities Vulnerability management Vulnerability scans Windows XSS
Perks/benefits: Career development