<p>Who We are Looking For:</p> <p>This role will be a member of the Enterprise Patch Vulnerability Management Team.</p> <p>We are seeking a highly skilled and experienced individual to join our team as a Middleware Vulnerability Lead. In this role, you will be responsible for overseeing the identification, assessment, and remediation of vulnerabilities within our organization's Middleware & Messaging systems. Your expertise will be critical to ensure the security and integrity of our middleware platforms.</p> <p>What you will be responsible for:</p> <p>The right person for this role will have strong program management experience, strong communication skills, the ability to deliver multiple high priority projects simultaneously, the ability to drive negotiations across teams with competing priorities and be an advocate for risk management.</p> <p>Job Responsibilities:</p> <ul> <li> <p>Lead the Middleware vulnerability management program, focusing on identifying, assessing, and remediating vulnerabilities across various middleware and messaging platforms, including but not limited to WebSphere, Jboss, Tomcat, WebLogic, IBM HTTP Server, MQ Series, Kafka, Managed File Transfer.</p> </li><li> <p>Analyze vulnerability scan results and prioritize vulnerabilities based on severity, potential impact, and risk to the organization's data assets.</p> </li><li> <p>Collaborate with middleware and messaging administrators, system administrators, and IT security teams to develop and implement remediation plans for identified vulnerabilities.</p> </li><li> <p>Work closely with software development teams to address vulnerabilities in applications and ensure secure coding practices.</p> </li><li> <p>Implement and maintain middleware security best practices, including access controls, encryption, and data masking, to mitigate the risk of exploitation.</p> </li><li> <p>Monitor middleware patch management processes and ensure timely deployment of security patches and maintenance updates to address known vulnerabilities.</p> </li><li> <p>Provide guidance and support to middleware, messaging administrators and other stakeholders on secure configuration, hardening, and maintenance practices.</p> </li><li> <p>Stay current on emerging threats, vulnerabilities, and best practices related to middleware and messaging security through industry sources, vendor advisories, and professional networks.</p> </li><li> <p>Document processes, procedures, policies, standards related to middleware and messaging vulnerability management activities.</p> </li><li> <p>Ensure the Patching & Compliance Program satisfies remediation of cyber risks identified by Global Cyber Security, Corporate Audit, Technology Risk Management and Internal/External Regulators.</p> </li><li> <p>Drive Continuous Service Improvement by looking at lesson learns and gap analysis and implement improvement plans to automate, document, update and improve daily operation procedures</p> </li><li> <p>Develop reports using data that is hosted in multiple sources/tools (e.g., spreadsheets, dashboards) and communicate clearly to leadership.</p> </li></ul> <p>Education & Preferred Qualifications</p> <ul> <li> <p>Bachelor's degree in computer science, information technology, or related field.</p> </li><li> <p>10+ years of experience in middleware administration and web services production support production environment, with a focus on vulnerability management and patch remediation.</p> </li><li> <p>Ability to effectively coordinate and communicate between technical teams and business stakeholders with varying technical proficiencies</p> </li><li> <p>Strong understanding of middleware technologies, including application servers, web servers, messaging systems, and integration platforms.</p> </li><li> <p>Experience with vulnerability assessment tools, such as ServiceNow Security Ops Module, Qualys, Nessus,etc. patch management systems (Tanium, Ansible Tower), and scripting languages for automation (e.g., Python, PowerShell).</p> </li><li> <p>Knowledge of industry standard security frameworks, (NIST, COBIT, DORA, CIS, etc.) security principles, threat modeling, and common vulnerabilities affecting middleware applications and environments.</p> </li><li> <p>Excellent analytical and problem-solving skills with the ability to prioritize and manage multiple tasks in a dynamic environment.</p> </li><li> <p>Industry certifications such as Certified Information Systems Security Professional (CISSP), CISM, CISA</p> </li></ul> <p>This position offers the opportunity to play a key role in maintaining the security and resilience of our middleware infrastructure through proactive vulnerability management and patch remediation efforts. If you are passionate about middleware security and possess the technical expertise to address vulnerabilities effectively, we encourage you to apply.</p> <p>Salary Range:</p> <p>$125,000 - $200,000 Annual</p> <p>The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.</p> <p>Job Application Disclosure:</p> <p>It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.</p> <p>State Street's Speak Up Line</p>