Threat and Vulnerability Management Analyst

Who We Are
Apex Fintech Solutions (AFS) powers innovation and the future of digital wealth management by processing millions of transactions daily, to simplify, automate, and facilitate access to financial markets for all. Our robust suite of fintech solutions enables us to support clients such as Stash, Betterment, SoFi, and Webull, and more than 20 million of our clients' customers.

Collectively, AFS creates an environment in which companies with the biggest ideas in fintech are empowered to change the world. As a global organization, we have offices in Austin, Dallas, Chicago, New York, Portland, Belfast, and Manila.

If you are seeking a fast-paced and entrepreneurial environment where you'll have the opportunity to make an immediate impact, and you have the guts to change everything, this is the place for you.

AFS has received a number of prestigious industry awards, including:

• 2021, 2020, 2019, and 2018 Best Wealth Management Company - presented by Fintech Breakthrough Awards
• 2021 Most Innovative Companies - presented by Fast Company
• 2021 Best API & Best Trading Technology - presented by Global Fintech Awards

About This Role
Apex Fintech Solutions (AFS) is seeking a
Threat and Vulnerability
Management (TVM)
Analyst
who will serve as a member of our Security Operations Team. The TVM Analyst will play a crucial role in protecting the organization by identifying, assessing, reporting on, and helping to manage and remediate security vulnerabilities across the diverse technology landscape. The analyst will work with other teams on plans to prioritize and mitigate vulnerabilities that pose a risk to the organization, helping to reduce the attack surface and enhance the overall security posture. The role will also work closely with the Security Operation Center and provide support when required on day-to-day security threat monitoring, alerting triage, analysis, and response.

Duties/Responsibilities

• Perform regular vulnerability scanning, analysis and reporting across infrastructure, applications and cloud environments using available tooling.
• Analyze vulnerability data, threat intelligence, and contextual information to accurately assess, prioritize and validate findings.
• Collaborate with IT, systems, networks, engineering and business system owners to track, support and verify timely remediation of identified vulnerabilities according to SLAs.
• Responsible for the creation, documentation, assigning, updating and follow-ups on vulnerability tickets.
• Assist in the development, documentation, and maintenance of the vulnerability management program, including policies, procedures and standards.
• Stay up to date with the latest cyber threats, attack vectors, vulnerability disclosures, and exploitation techniques.
• Investigate, document, and report on threats and emerging trends.
• Analyze and respond to undisclosed, zero-day, & discovered software and hardware vulnerabilities.
• Create clear and actionable vulnerability reports and metrics for various stakeholders, including management and technical teams.
• Help provide risk assessments relating to vulnerability findings.
• Contribute to the continuous improvement of the TVM program by identifying opportunities for process enhancement, automation and new tooling.
• Work within the Security Operation Center (SOC) team to provide support when required, investigating alerts and triaging.
• Provide Incident Response (IR) support when analysis confirms an actionable incident.

Education And/or Experience

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent work experience) required
• 2+ years of professional experience in vulnerability management, information security or similar field.
• Proven experience with vulnerability scanning and management platforms.
• GCIA, GCIH, GCFE, GCFA, Security+, CCNA CyberOps, OSCP, GPEN, GWAPT, CEH, qualifications preferred

Required Skills/Abilities

• Excellent analytical and problem-solving skills with the ability to assess and prioritize vulnerabilities based on risk, impact and exploitability.
• Excellent communication skills, both written and verbal, with the ability to articulate technical vulnerabilities and remediation steps to diverse audiences, both technical and non-technical.
• Strong understanding of network protocols (TCP/IP, DNS, HTTP, FTP, SSH, SSL/TLS), operating systems, web application security and cloud security vulnerabilities.
• Knowledge of common vulnerability scoring systems, CVSS, EPSS.
• Knowledge of technical security solutions (such as but not limited to firewalls, SIEM, NIDS/NIPS/HIDS/HIPS, EDR, DLP, SOAR, proxies, network behavioural analytics, orchestration, automation and cloud security).
• Knowledge of network, infrastructure, cloud and application system technologies and practices
• Ability to communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences.
• Ability to change and demonstrate adaptability by adjusting priorities or processes and approaching as needs dictate.
• Ability to work independently as a team representative of Information Security as well as showing excellent teamwork skills.
• Ability to develop thorough documentation and reports on threats and vulnerabilities.
• Ability to work independently with minimal supervision and as a proactive member of a team in a fast-paced, evolving environment.
• Desire for continual learning of new technologies and developing knowledge / skills.

Work Environment

• This job operates in a hybrid, office environment 2 days per week.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
Our Rewards
We offer a robust package of employee perks and benefits, including a market-leading salary with an annual bonus, 20 days of vacation leave plus regular and special non-working holidays, and a training and development budget. Our benefits also cover private health insurance for medical and dental, as well as life insurance. We emphasize work-life balance with flexible working hours, parental leave, a modern city center office, and a hybrid work schedule that allows for greater flexibility by partially working from home. Additional perks include monthly team lunch-outs, unlimited drinks and snacks, and company recognition & rewards.

EEO Statement
Apex Fintech Solutions is an equal opportunity employer that does not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, veteran status, marital status, or any other protected characteristic. Our hiring practices ensure that all qualified applicants receive fair consideration without regard to these characteristics.

Disability Statement
Apex Fintech Solutions is committed to creating an inclusive and accessible workplace for all candidates, including those with disabilities. We are dedicated to ensuring equal employment opportunities and providing reasonable accommodations to qualified individuals with disabilities. If you require reasonable accommodations to participate in the application or interview process, please submit your request via the Candidate Accommodation Requests Form. We will work with you to provide the necessary accommodations to ensure your full participation in our hiring process.