Senior Security Analyst - Manchester or Warsaw
Manchester, GB
As a leading, global financial information services provider, Fitch Group delivers vital credit and risk insights, robust data, and dynamic tools to champion more efficient, transparent financial markets. With over 100 years of experience and colleagues in over 30 countries, Fitch Group’s culture of credibility, independence, and transparency is embedded throughout its structure, which includes Fitch Ratings, one of the world’s top three credit ratings agencies, and Fitch Solutions, a leading provider of insights, data and analytics. With dual headquarters in London and New York, Fitch Group is owned by Hearst.
Fitch's Technology & Data Team is a dynamic department where innovation meets impact. Our team includes the Chief Data Office, Chief Software Office, Chief Technology Office, Emerging Technology, Shared Technology Services, Technology, Risk and the Executive Program Management Office (EPMO). Driven by our investment in cutting-edge technologies like AI and cloud solutions, we’re home to a diverse range of roles and backgrounds united by a shared passion for leveraging modern technology to drive projects that matter to our organization and clients. We are also proud to be recognized by Built In as a Best Place to Work in Technology 3 years in a row. Whether you're an experienced professional or just starting your career, we offer an exciting and supportive environment where you can grow, innovate, and make a difference.
Want to learn more about a career in technology and data at Fitch? Visit: https://careers.fitch.group/content/Data-and-Technology/
Fitch Group is currently seeking a Senior Security Analyst, based out of our Manchester or Warsaw office, to join our Vulnerability Management team. The successful candidate will have experience in Application Security and be ready to branch out to vulnerability management across a landscape of application, infrastructure, cloud, and special assessment security observations. This role will be responsible for identifying, assessing, and managing vulnerabilities across our technology landscape. It involves working closely with infrastructure, application, and cloud engineering teams to provide recommendations for remediating security observations and to ensure timely remediation of security risks and alignment with industry best practices and regulatory requirements.
How You’ll Make an Impact:
- Use existing tools to conduct automated vulnerability assessments
- Interpret and risk assess scan results from software applications, cloud resources, and infrastructure systems
- Collaborate with various teams within Fitch to assist with prioritization of vulnerabilities and ensure remediation occurs within the expected timelines
- Ensure all detected vulnerabilities, from either manual or automated testing processes, are accurately logged and tracked in a ticketing system to facilitate remediation, leadership metrics reporting, and audit readiness
- Bring an AI-first mindset; be able to identify and act upon opportunities to automate vulnerability analysis and prioritization, as well as administrative tasks, while improving the quality of the output to help developers achieve remediation as easily as possible.
- Perform validation testing of remediated vulnerabilities using automated testing tools and manual testing techniques, such as Python scripting or other methods
- Research and analyze vulnerabilities to determine their true risk to Fitch, considering factors such as exploitability, asset exposure, business impact, and compensating controls
- Apply cyber risk quantification techniques to analyze vulnerability severities
- Create and maintain metrics and dashboards using data from the ticketing system or other sources to support reporting to various stakeholders across Fitch
- Assist with security audits and compliance initiatives related to vulnerability management
You May be a Good Fit if:
- Proven experience with managing vulnerabilities from automated scanning tools (e.g., SAST, DAST, SCA platforms such as Checkmarx, Veracode, SonarQube, Fortify, Burp Suite, OWASP ZAP, Black Duck, Snyk, etc.)
- Strong ability to research and analyze vulnerabilities to determine true risk to the organization considering exploitability, asset exposure, business impact, and compensating controls
- Ability to perform manual source code reviews with application developers
- Demonstrated skill in applying cyber risk analysis to prioritize vulnerabilities
- Experience, either in personal life or on the job, leveraging AI-powered security tools or platforms
- Excellent English language communication skills for both technical and non-technical audiences, with the ability to collaborate across teams and present findings clearly
What Would Make You Stand Out:
- Experience in application security, automated scanning tools, cloud applications, reviewing web application penetration testing results, and infrastructure vulnerability scanning concepts
- Experience working with security-related and secure coding regulatory requirements and frameworks, including DORA, NIST, ISO 27001 and other standards relevant to financial services
- Familiarity with audit processes and the ability to translate and respond to client and auditor inquiries related to vulnerability management clearly and accurately
- Experience using Power BI or similar tools to build dashboards and visualizations from Jira or other data sources
- Certifications such as:
  - General security: CISSP, Security+, GSEC
  - Cloud security: AWS Certified Security – Specialty, Azure Security Engineer Associate, GIAC Cloud Security Essentials (GCLD), GIAC Public Cloud Security (GPCS)
  - Vulnerability management: CompTIA CySA+, GIAC GCIH, CSSLP (Certified Secure Software Lifecycle Professional), GWAPT (GIAC Web Application Penetration Tester), or equivalent
- Degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent professional experience
Why Choose Fitch:
- Hybrid Work Environment: 2 to 3 days a week in office required based on your line of business and location
- A Culture of Learning & Mobility: Dedicated trainings, leadership development and mentorship programs designed to ensure that your time at Fitch will be a continuous learning opportunity
- Investing in Your Future: Retirement planning, financial wellness and tuition reimbursement programs that empower you to achieve your short and long-term goals
- Promoting Health & Wellness: Comprehensive healthcare offerings that prioritize a healthy body & mind
- Supportive Parenting Policies: Family-first policies, including a generous global parental leave plan, designed to help you balance career and family life effectively
- Dedication to Giving Back: Paid volunteer days and support for community engagement initiatives
For more information please visit our websites:
www.fitch.group | www.fitchratings.com | www.fitchsolutions.com
Fitch is committed to providing global securities markets with objective, timely, independent and forward-looking credit opinions. To protect Fitch’s credibility and reputation, our employees must take every precaution to avoid conflicts of interests or any appearance of a conflict of interest. Should you be successful in the recruitment process at Fitch Ratings you will be asked to declare any securities holdings and other potential conflicts prior to commencing employment. If you, or your immediate family, have any holdings that may conflict with your work responsibilities, you may be asked to divest yourself of them before beginning work.
Fitch is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law.