Senior Vulnerability Management and Baseline Management Engineer (Ref. 1323)

Bank J. Safra Sarasin Ltd is a leading sustainable private bank, offering all the advantages of the Swiss banking environment together with dynamic and personalised advisory services focusing on opportunities in international financial markets. The Bank provides a high level of services and expertise when acting as investment advisor and asset manager for private and institutional clients. Financial strength, excellent client services and outstanding quality are therefore key elements of its corporate philosophy.
J. Safra Sarasin’s most valuable capital is its employees. They are essential to the success of the organisation, now and in the future. Their technical expertise, professional qualifications and social skills are highly valued by the Group’s clients, management and business partners. The success of J. Safra Sarasin depends on the enthusiasm and commitment of every one of its employees worldwide.
Chief Operating Officer
Function/Position objectives
The Senior Vulnerability Management Engineer will work as a subject matter expert/hunter. He will lead the entire vulnerability management program and baseline management program for the group in a security operations center (SOC), and will be responsible, in a hands-on position, for analyzing discovered vulnerabilities and baseline deviations and for proposing security measures to mitigate the origin of the problems. In that sense, the senior vulnerability management engineer will interact on a daily basis with information technology (IT), information security and business teams to resolve the vulnerabilities and baseline deviations.
The right candidate will be able to start a vulnerability management project and a baseline management project from scratch, organize the relevant program for the Bank, and lead all process definition regarding integration with a Security Operations Center. Wearing a consultant hat, the vulnerability management engineer will be responsible for defining, together with Business, Information Technology and Information Security leaders, which vulnerabilities are most critical and must be resolved first, and for prioritizing accordingly. Moreover, the vulnerability management and baseline management engineer will follow the resolution of identified vulnerabilities and baseline deviations with IT teams and retest every issue before considering a vulnerability or baseline deviation as resolved.
  • Acts as an IT vulnerability hunter and baseline deviation manager; performs deep-dive analysis of vulnerabilities and baseline deviations;
  • Designs and deploys the vulnerability management infrastructure out of open source tools for the group, covering international locations; determines if a critical system or data set has been impacted; advises on remediation; provides support for new analytic methods for detecting threats;
  • Develops, documents and manages vulnerability management projects and baseline projects;
  • Develops scripts as required for the automation of vulnerability management and baseline management;
  • Maintains current knowledge of tools and best practices in advanced persistent threats; tools, techniques, and procedures of attackers;
  • Is a technical reference for trends in vulnerabilities and published attack techniques associated with cyber security;
  • Elaborates processes to integrate vulnerability management and baseline management with SOC processes; develops a vulnerability automation framework that avoids generating false positives;
  • Maintains confidentiality of operations and investigations.
  • Postgraduate degree in information technology (IT) or information security area;
  • At least 10 years' experience in information security specialized in vulnerability management;
  • At least two of the following worldwide recognized certifications to prove deep and vast security knowledge: CISSP: Certified Information Systems Security Professional; SANS SEC503: Intrusion Detection In-Depth; SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling; SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques; CEH: Certified Ethical Hacker;
  • Previous experience interacting with a Security Operations Center (SOC); experience with scripting languages and programming (Ruby mandatory, and nice to have C, Perl, Bash, Python, JavaScript);
  • Expertise in analysis of TCP/IP network communication protocols (TCP, UDP, DNS, SMTP, FTP, etc.); knowledge of scanner technology (Nessus mandatory, and nice to have OpenVAS, Nmap, etc.);
  • Version control and ticketing tools (Git, Jira, GitHub); DevOps skills (Docker, Vserver, LXC, VMware); deployment tools (Ansible, Puppet, Chef);
  • Knowledge of regular expressions; teamwork skills.
Activity rate
100 %
Please send your application to: