Fidelity TalentSource is your destination for discovering your next temporary role at Fidelity Investments. We are currently sourcing for a Cybersecurity Analyst to work within Fidelity's Enterprise Cybersecurity Division in Westlake, TX!
The mission of the Secure Software Development Lifecycle (SSDLC) team is to protect Fidelity's assets and our customers’ livelihoods from the threat of exploitation by malicious adversaries.
The SSDLC team does this by providing secure software development training and tooling services for static and dynamic application scanning, software composition analysis and secrets scanning. These services aim to prevent vulnerabilities from being introduced into code and to ensure that deployed code is scanned routinely and identified vulnerabilities are addressed. The team works with the software development teams in a positive, collaborative, and innovative manner.
Our Vision
- We aspire to be a best-in-class team, with fully engaged, passionate members.
- Producing high-quality work in a consistent, effective, efficient, customer-oriented manner.
- Providing competitive advantage to the firm and serving as a differentiator in the marketplace.
- Serving as a role model for others across the Enterprise and wider industry.
- And driving advancement and research in the cybersecurity space.
Fidelity has a large and diverse portfolio of products. This provides a varied and interesting role giving the team the opportunity to work on a multitude of different areas of the business.
Collaborating with our learning team, this role will develop and maintain a hands-on application security training program using a top industry platform.
The Expertise We’re Looking For
- Bachelor’s degree or equivalent experience
- 5+ years of IT experience with at least 2 of these being in a hands-on application security role
- Strong understanding of common application security vulnerabilities such as the OWASP Top 10 for Web, API and Mobile applications
- Intermediate development experience with a language such as Java, .NET or Node.js would be advantageous
- Experience working within an Agile development or DevOps/DevSecOps team would be a plus
- Preferred: Experience using a SAST / DAST assessment tool
- Preferred: Hands-on industry security certification such as eLearnSecurity, PortSwigger, Offensive Security, CSSLP, AWS/Azure, SANS
The Purpose of Your Role
- Support the broad Fidelity business through security scan execution, analysis and review.
- Using our security champions program, collaborate with key business units to promote and embed standard methodologies for security within their team’s development processes
- Stay current on security standard methodologies and vulnerabilities.
The Skills You Bring
- Working knowledge of secrets management and remediation
- Understanding of OWASP Top 10
- Strong knowledge of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption
- Technical knowledge of, and the ability to recognize, various types of application security vulnerabilities
- Experience with SAST and DAST tools
- Intermediate knowledge of a programming or scripting language such as C, C#, Python, Objective-C, Java, JavaScript, SQL
- Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues
- Excellent interpersonal skills with a strong interest in the application security domain
- Excellent communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation
- Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work alone or as part of a team.
The Value You Deliver
Fidelity provides key financial services to a wide variety of demographics. In many instances we are managing our customers' financial future and savings. This is something we take very seriously. Protecting our customers and their data is of paramount importance to us. This role plays a key part in helping to protect the livelihoods of our customers around the world and plays a significant part in preventing real-world cyberattacks.
How Your Work Impacts the Organization
The Automated Application Vulnerability Detection (AAVD) team forms part of the Application Security product line within Enterprise Cybersecurity (ECS). The goal of the Application Security product line is to proactively identify and remediate vulnerabilities in Fidelity’s applications and infrastructure. We work very closely with key Business Units to ensure that they remain secure while they deliver key projects to advance the firm.
Dynamic Working – Post Pandemic
Fidelity’s working model blends the best of working offsite with maximizing time together in person to meet associate and business needs. Currently, most hybrid roles require associates to work onsite all business days of their assigned two full weeks.