Senior Associate, Technology Control Management – Cyber Security Analyst
At BNY, our culture empowers you to grow and succeed. As a leading global financial services company at the center of the world's financial system we touch nearly 20% of the world's investible assets. Every day around the globe, our 50,000+ employees bring the power of their perspective to the table to create solutions with our clients that benefit businesses, communities and people everywhere.
We continue to be a leader in the industry, awarded as a top home for innovators and for creating an inclusive workplace. Through our unique ideas and talents, together we help make money work for the world. This is what #LifeAtBNY is all about.
We're seeking a future team member for the role of Senior Associate, Technology Control Management to join our Cyber Security Operations team. Job location of this role is in Pune, Maharashtra - HYBRID.
In this role, you'll make an impact in the following ways:
3 years+ experience in a SOC environment
Strong communication and collaboration skills
Fast high paced environment with the ability to work with strict timed deadlines
Strong prioritization and an ability to handle multi-tasking situations
A positive and enthusiastic attitude to investigate and find solutions to security problems
Hands on experience in the operation of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, vulnerability management, etc.
Technical working knowledge of security systems including:
Network and application firewalls reviews and approvals
IDS/IPS systems
Web Proxies and Content Filtering
Endpoint security including antivirus, host-based firewalls and execution control (Trend Micro an advantage)
Authentication technologies (Active Directory)
Network Access Management.
Privilege Access Management (CyberArk would be an advantage)
VMWare including VDI
Vulnerability Management tools. (Qualys VMDR, CSAM and/or Asset management would be an advantage)
Endpoint Detection Response (EDR)
Pen-test write up and remediation
Forensics investigations
Cloud security in MS Azure
Experience of participating in security incident response including identification, preservation and interpretation of computer evidence
Familiarity with database and operating system security
Threat hunting
Defence in Depth techniques
Previous experience working in a technical information security role with similar responsibilities to the above
Experience in being a key stakeholder in projects with proof of concept
Experience in being 2nd line incident responder when liaising with MSSP
Experience in being on-call and escalate where necessary
Security Certification (e.g. CISSP, SANS, CEH)
Advantageous (not essential)
Cloud Secrets Management (Cloud Vaults / Key Management & Rotation / MFA / Passwords).
Scripting tool such as Python etc.
API Security
To be successful in this role, we're seeking the following:
Developing a familiarity with new tools and best practices for security operations
Defining, implementing and maintaining operational security processes
Reviewing and maturing the Identity and Access Management process in line with industry best practice
Reviewing incoming SOC requests/incidents
Assisting in the investigation of SIEM alarms, reported by the MSSP and performing on call once a month
Assisting in the operational support for the SIEM MSSP
Helping to develop and fully document new SIEM use cases including how to respond to alarms
Performing Cloud Security operations related checks
Developing and maintaining operational Security KRIs/KPIs
Maintaining technical documentation of operational security controls
Providing 1/2nd line security incident response capabilities within the Insight SOC
Creating schedules, writing up Pen-test findings from the report and following through mitigations/remediation plans
Assisting in the development of new and changes to existing security policies and standards
Supporting internal and external audits evidence gathering of cyber security
Chairing Vulnerability management meetings and following through on reports and remediation with the tech teams. Performing risk analysis on when vulnerability management incidents
Being integral to projects related to Security Operations
Staying up to date with the latest threat intelligence and threat hunting methodologies to recommend improvements to current processes and security controls
Performing DSAR requests
At BNY, our culture speaks for itself. Here's a few of our awards:
America's Most Innovative Companies, Fortune, 2024
World's Most Admired Companies, Fortune 2024
Human Rights Campaign Foundation, Corporate Equality Index, 100% score, 2023-2024
Best Places to Work for Disability Inclusion , Disability: IN – 100% score, 2023-2024
"Most Just Companies", Just Capital and CNBC, 2024
Dow Jones Sustainability Indices, Top performing company for Sustainability, 2024
Bloomberg's Gender Equality Index (GEI), 2023
Our Benefits and Rewards:
BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.
BNY is an Equal Employment Opportunity/Affirmative Action Employer - Underrepresented racial and ethnic groups/Females/Individuals with Disabilities/Protected Veterans.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans.
Our ambition is to build the best global team – one that is representative and inclusive of the diverse talent, clients and communities we work with and serve – and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
