Share this Job

Assistant Manager - Technology Services

Date Posted: Nov 10, 2021

Location: Noida, IN, 0

Company: MetLife

Assistant Manager - Technology Services

Position Summary

 

This candidate would be responsible to contribute to the overall cyber risk efforts and would play a key role in maintaining and continuing to enhance the cyber risk framework for MetLife. This will include working closely with offshore partners to develop and perform cyber risk assessments. Will have opportunity working across multiple security disciplines, organization functions and departments.

 

Will have expert knowledge in managing and remediating vulnerabilities across the network environment

 

Must have experience in conducting Infra & Application Level audits, conducting Information Security audits, vendor risk assessments, and regulatory compliance audits.

 

The candidate must be able to clearly communicate both written and orally, and present products and ideas in a business-like manner.

 

Strong interpersonal skills are required due to continual interaction with clients, managers, and users with varying technical backgrounds in a fast-paced work environment.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Job Responsibilities

 

Essential Functions

  1. Minimum 5+ years’ experience in understanding of vulnerabilities, threats, risk and attack vectors to identify areas for potential attacks and systemic security issues
  2. Use the QualysGuard Vulnerability Management Connector to import vulnerability scan information into Kenna
  3. Use Kenna to analyzes and prioritizes application vulnerabilities to determine which pose the most risk
  4. Use Splunk for analyzing complex threats as well use case creation, dashboards tuning, and log source configuration
  5. Run daily queries on Splunk and report out for identify Pan Threat “Domains”, Filenames, Ransomware
  6. Use intelligence collection and reporting tools and frameworks to produce vulnerabilities reports/scorecards (Kenna/Qualys/Splunk/Cycognito)
  7. Analyze scans/reports from security scanning tools and other internal security tools related to risk and vulnerability
  8. Ability to develop and implement security procedures and controls
  9. Recommend enhancements or remediation for identified infrastructure vulnerabilities/findings
  10. Support in timely mitigation of compliance and operational risks
  11. Interact with different regional security teams daily in context to suspicious activities reported for compromised assets for containment
  12. Prepare and present research findings in both client and public settings
  13. Monitor the cyber threat environment to incorporate trends in potential attack activities
  14. Prepare reports by collecting, analyzing, and summarizing data and trends on cyber-threats and convey potential impact
  15. Prioritize remediation activities with operational teams through risk ratings of vulnerabilities and assets
  16. Generate coherent visualized data
  17. Maintain vulnerability scanning toolset
  18. Configure, manage, and monitor Palo Alto Networks firewalls using the web interface, CLI, and API management interface
  19. Firewall configuration assessment
  20. Firewall configurations at host level
  21. Firewall vulnerability/assessments
  22. Firewall rules review
  23. Firewall security features monitoring

Knowledge, Skills and Abilities

 

Education

  • IT Graduate
  • A Bachelor's degree/Diploma in Computer Science / Information Technology

Experience

  • 5 years of experience in IT Risk & Security as well operational experience in administering Firewalls
  • Must have networking TCP/IP routing protocol experience
  • Must have a working experience of Kenna, Qualys, Symantec, Splunk & Cycognito tools
  • Experience with Agile and the ability to work with at least one of the common frameworks
  • Must process problem solving, planning, and analytical skills to drive continuous improvements
  • Experience analyzing scans/reports from security scanning tools and other internal security tools related to risk and vulnerability

Knowledge and skills (general and technical)

  • Excellent command of cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
  • Strong understanding of the following: networking fundamentals (all OSI layers, protocols), Windows/Linux/Unix/Mac operating systems, OS and software vulnerably and exploitation techniques
  • Expertise within the Infrastructure domain to support a culture of risk identification, escalation and timely mitigation of compliance and operational risks
  • Deep understanding of Not Permitted Technology, infrastructure patching, middleware, Data Center migrations and other infrastructure risk activities impacting the application teams
  • Extensive knowledge of standards of intelligence collection and analysis research methods
  • Extensive knowledge of Firewall and Networking
  • Ability to configure, manage, and monitor Palo Alto Networks firewalls using the web interface, CLI, and API management interface
  • Knowledge and hands on experience in Whitelisting & blacklisting user access
  • Reviewing Firewalls to ensure that business and compliance requirements are clearly defined
  • Application Infrastructure Diagrams and technology used behind the application development
  • Complete understanding on all phases of application SDLC cycle
  • Experience with Agile and the ability to work with at least one of the common frameworks
  • Must communicate clearly and effectively about infrastructure risks and provide viable remediation options as needed
  • Hands on experience in vulnerability management tools like Kenna and Qualys
  • Understanding of CVE/CVSS
  • Qualys Appliances / Scanners management
  • Symantec LCPs and devices logs issue handling
  • Knowledge of eGRC tools like Archer 5.x
  • Should be MS Excel expert (Pivots, VLOOKUP, Macros, Automation etc.)
  • Knowledge on standards like ISO 27001, PCI-DSS, HIPAA, SSAE 16, SOX 404
  • Knowledge on CobIT and NIST framework
  • Certifications like MCSE/CISSP/CEH/CISA/CRISC/ISO27001/CISM
  • Communication skills - should be able to read, interpret business documents
  • Possesses positive attitude to create an “easy to do business with" environment for MetLife internal/external customers
  • Escalate issues if required
  • Team work / Managing Self / Adaptability
  • Ability to work successfully in production driven environment
  • Adaptability to change
  • Customer Service Orientation - Possess desire and focus efforts on discovering, meeting and exceeding the customer or client’s needs
  • Preferred Knowledge of Power BI development and at Analytics skills

 

Other Requirements (licenses, certifications, specialized training – if required)

  • Should have knowledge on ISO 27001, PCI-DSS, HIPAA, SSAE 16, SOX 404, NIST & CobIT framework
  • Must have performed application level ITGC based audits
  • Must have at least Certification in one - CEH, CISA, CISM, ISO 27001 would be an added advantage
  • Firewall Certification – Checkpoint Security, Palo Alto Security or CISCO ASA Security will be an added advantage

 

Working Relationships

Internal Contacts

(and purpose of relationship):

 

  • TL/AM/UM/Manager for the purpose of reporting performance, escalation handling, clarifying concerns, seeking feedback, monthly evaluation of performance and support
  • Administrators & Engineers for the purpose of seeking cooperation & clarification on process-related matters & providing assistance and support when required
  • Subject Matter Expert for the purpose of work thread related issues and escalated transactions
  • Trainers for the purpose of pre-process and process training

External Contacts

(and purpose of relationship) – If Applicable

 

  • Stateside Team SME’s for the purpose of training, queries, feedback and audit
  • MetLife (US) Supervisors
  • MetLife Application Developers & Project Managers

 

MetLife:

 

MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.

 

We are ranked #44 on the Fortune 500 list for 2019. In 2019, we were named to the Dow Jones Sustainability Index (DJSI) for the fourth year in a row. DJSI is a global index to track the leading sustainability-driven companies.      

 

MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world.

 

MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.