What does a successful Senior Information Security Professional do?
As a Senior Information Security Professional, you will be responsible for ensuring that vulnerability findings are accurate, prioritized, tracked and remediated across the enterprise application landscape, while collaborating across teams. The ideal candidate has a strong background in application security best practices and a proven ability to drive the remediation of security findings across multiple engineering and IT teams.
What you will do:
Application Security: Act as the subject-matter expert for application security, providing guidance to developers on secure coding practices and design principles throughout the SDLC.
Vulnerability Tracking: Monitor and enforce the execution of security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
Issue and Mitigation Action Plan Management: Manage the entire lifecycle of security issues, from initial discovery and analysis to final remediation. This includes vulnerabilities identified from testing, audits, and security incidents.
Remediation Guidance: Collaborate with engineering and IT teams to prioritize and track the remediation of vulnerabilities. Translate technical findings into actionable guidance.
Process Automation: Develop and implement automation scripts and API integrations using tools like Python, PowerShell, or Bash to streamline security workflows and automate reporting.
Tool Management: Leverage security tools (e.g., SAST, DAST, SCA) and issue-tracking platforms (e.g., ServiceNow Vulnerability Response or Jira) to support the application security and issue management programs.
Reporting and Metrics: Report on key security metrics, such as remediation timelines and vulnerability trends, to provide risk visibility to management and stakeholders.
What you will need to have:
Bachelor's degree in Computer Science, Information Security, or a related field; a Master's degree is a plus.
5+ years of experience in cybersecurity, with a significant focus on application security and vulnerability management.
Knowledge of security standards and frameworks, such as OWASP, NIST, and ISO.
Hands-on experience with application security testing tools in the SAST, DAST, and SCA categories (e.g., Fortify, Sonatype, Snyk, Tenable, or Qualys).
Demonstrable experience with issue management and workflow platforms such as ServiceNow Vulnerability Response or Jira.
Proficiency in scripting languages like Python, PowerShell, or Bash for automation and reporting purposes.
Strong understanding of secure SDLC practices and integrating security testing into CI/CD pipelines.
Excellent communication, interpersonal, and project management skills with the ability to work with technical and non-technical stakeholders.
What would be nice to have:
CISSP, CSSLP, CISM, or GIAC (Candidates without these certifications must demonstrate a commitment to earning one within 12 months of hire).
Perks at Work:
We’re #FiservProud of our commitment to your overall well-being with a growing offering of physical, mental, emotional, and financial benefits from day one.
Maintain a healthy work-life balance with paid holidays, generous time off policies, including Recharge & Refuel time for qualifying associates, and free counseling through our EAP.
Plan for your future with competitive salaries, the Fiserv 401(k) Savings Plan, and our Employee Stock Purchase Plan.
Recognize and be recognized by colleagues with our Living Proof program where you can exchange points for a variety of rewards.
Prioritize your health with a variety of medical, dental, vision, life and disability insurance options and a range of well-being resources through our Fuel Your Life program.
Advance your career with training, development, certification, and internal mobility opportunities.
Join Employee Resource Groups that promote our diverse and inclusive culture where associates can share perspectives, exchange ideas, and elevate careers.
R-10370471