Vulnerability Security Consultant in Brooklyn, OH at Key Bank- Corporate

Date Posted: 4/3/2018

Job Snapshot

Job Description


This role involves administering and maintaining Key’s enterprise vulnerability scanning tool, including managing asset groups, troubleshooting problems, researching discovered vulnerabilities, and producing scan reports as required by Key’s Vulnerability Management program with a focus on PCI compliance. The ideal candidate has experience in the information security and/or information technology fields. The candidate will perform security related PCI functions using current tools and will need to be proficient with the various tools to ensure effective and valid results. The candidate has solid technical background across a wide range of security disciplines and solutions. The candidate must have presentation, report writing and customer interface skills.

From a more general perspective, the candidate will be able to analyze and assess security risk and facilitate the development and implementation of effective compensating controls. This candidate will function within the Corporate Information Security team, but will ideally be effective across the entire security spectrum and able to analyze complex security issues and explain them in standard business language. Functional knowledge of both technical and business aspects of security is highly desirable.


- Utilize industry leading scanning tools and solutions to effect enhanced security posture for the company (especially in the area of vulnerability scanning/vulnerability management)
- Perform analysis of vulnerabilities to determine risk posture and findings requiring resolution from a security and business perspective.
- Broad understanding of network, server and desktop vulnerabilities and potential threat or attack vectors
-Works under limited direction/supervision; more autonomy
-Identifies and analyzes security risks, communicates risks to appropriate parties and ensures mitigation to enable risk-based business decision making
-Understanding of security and technology strategies, related security controls and processes, and general business/financial knowledge
-Strong security, networking and technical skills; solid and demonstrable comprehension of security including tools, controls, policies, threats and attacks
-Solid presentation development; thoughtful organization of content; takes audience into account; solid writing skills; can cohesively present and organize information in support of conclusions/findings; identifies and fills gaps in documentation
-Supports leadership and team; strong background and expertise in Information Security, understand the risks and issues facing Key from a security perspective; ability to tailor options to the client
- Will act as resource for incident response related activities. Collaborate with technical teams for security incident remediation and communication
- Create documentation of processes and ongoing associated enhancements
- Utilize industry leading tools and solutions to effect enhanced security posture for the company
- Interacts with partners as needed to explain vulnerability/incident response techniques, methodology and results to ensure appropriate business value
- Provides technical security consulting support to address business and technology projects and requests
- Interfaces with technology partners and line of business areas
- Acts as single point of contact for assigned work
- Escalates problems in a timely manner
- Acts as a backup for other team members with a focus toward PCI related rule creation and content management


- Bachelors degree or equivalent work experience
- 3+ years of information security, incident response and/or information technologies experience
- Strong understanding of incident response and/or networking/PC concepts
- Proven ability to understand and analyze complex issues, then apply experience and judgment to develop sound recommendations especially as related to malware, eDiscovery, current threats/attacks and/or vulnerability management.
- Strong research and writing skills.
- Ability to work with little or no supervision after initial briefing.
- Knows when to notify management when deadlines are at risk.
- Experience in leading a team or significant project.
- Act as influencer of peers and management.
- Ability to communicate concisely, effectively and directly to executive management.

KeyCorp's roots trace back 190 years to Albany, New York. Headquartered in Cleveland, Ohio, Key is one of the nation's largest bank-based financial services companies, with assets of approximately $134.5 billion at March 31, 2017. Key provides deposit, lending, cash management, insurance, and investment services to individuals and businesses in 15 states under the name KeyBank National Association through a network of more than 1,200 branches and more than 1,500 ATMs. Key also provides a broad range of sophisticated corporate and investment banking products, such as merger and acquisition advice, public and private debt and equity, syndications, and derivatives to middle market companies in selected industries throughout the United States under the KeyBanc Capital Markets trade name. KeyBank is Member FDIC.

Key Technology and Operations (KTO) is Key Bank’s shared services organization for technology, operational, and servicing functions supporting business partners and clients across all lines of business. Within the overall organization, KTO provides efficient, reliable and secure technology; creates an effective variable cost technology delivery model that maximizes the return on IT spend; orchestrates the efficient use of corporate information and technology assets; and supports innovation that creates competitive distinction. KTO is effective and efficient in payment and deposit servicing, loan servicing, exception and dispute processing, investment and support services, sourcing and procurement, as well as enterprise-wide fraud prevention, investigations and operational support to human resources and the Bank’s BSA/AML program.


KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to engaging a diverse workforce and sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

JobID: 28430BR