Senior Security Analyst - Manchester or Warsaw
Overview
Fitch Group is a leading, global financial information services provider delivering vital credit and risk insights, robust data, and tools to champion more efficient, transparent financial markets. With over 100 years of experience and colleagues in over 30 countries, Fitch Group values credibility, independence, and transparency across its structure, which includes Fitch Ratings and Fitch Solutions. With dual headquarters in London and New York, Fitch Group is owned by Hearst.
Fitch's Technology & Data Team is a dynamic department where innovation meets impact. Our team includes the Chief Data Office, Chief Software Office, Chief Technology Office, Emerging Technology, Shared Technology Services, Technology Risk, and the Executive Program Management Office (EPMO). We invest in cutting-edge technologies like AI and cloud solutions and offer a diverse range of roles and backgrounds united by a shared passion for leveraging modern technology to drive projects that matter to our organization and clients. We are recognized by Built In as a Best Place to Work in Technology for three years in a row. Whether you’re an experienced professional or just starting your career, Fitch offers an exciting and supportive environment to grow, innovate, and make a difference.
Want to learn more about a career in technology and data at Fitch? Visit the data & technology career page at Fitch.
Fitch Group is currently seeking a Senior Security Analyst, based out of our Manchester or Warsaw office, to join our Vulnerability Management team. The successful candidate will have experience in Application Security and be ready to branch out to vulnerability management across a landscape of application, infrastructure, cloud, and special assessment security observations. This role will be responsible for identifying, assessing, and managing vulnerabilities across our technology landscape. It involves working closely with infrastructure, application, and cloud engineering teams to provide recommendations for remediating security observations, ensuring timely remediation of security risks and alignment with industry best practices and regulatory requirements.
Responsibilities
- Use existing tools to conduct automated vulnerability assessments
- Interpret and risk assess scan results from software applications, cloud resources, and infrastructure systems
- Collaborate with various teams within Fitch to assist with prioritization of vulnerabilities and ensure remediation occurs within the expected timelines
- Ensure all detected vulnerabilities, from manual or automated testing, are logged and tracked in a ticketing system to facilitate remediation, leadership metrics reporting, and audit readiness
- Bring an AI-first mindset; identify and act upon opportunities to automate vulnerability analysis and prioritization, as well as administrative tasks, while improving the quality of the output to help developers achieve remediation easily
- Perform validation testing of remediated vulnerabilities using automated testing tools and manual testing techniques
- Research and analyze vulnerabilities to determine true risk to Fitch, considering exploitability, asset exposure, business impact, and compensating controls
- Apply cyber risk quantification techniques to analyze vulnerability severities
- Create and maintain metrics and dashboards using data from the ticketing system or other sources to support reporting to stakeholders across Fitch
- Assist with security audits and compliance initiatives related to vulnerability management
Qualifications
- Proven experience with managing vulnerabilities from automated scanning tools (e.g., SAST, DAST, SCA platforms such as Checkmarx, Veracode, SonarQube, Fortify, Burp Suite, OWASP ZAP, Black Duck, Snyk, etc.)
- Strong ability to research and analyze vulnerabilities to determine true risk to the organization considering exploitability, asset exposure, business impact, and compensating controls
- Ability to perform manual source code reviews with application developers
- Demonstrated skill in applying cyber risk analysis to prioritize vulnerabilities
- Experience leveraging AI-powered security tools or platforms
- Excellent English language communication skills for both technical and non-technical audiences, with the ability to collaborate across teams and present findings clearly
What Would Make You Stand Out
- Experience in application security, automated scanning tools, cloud applications, reviewing web application penetration testing results, and infrastructure vulnerability scanning concepts
- Experience with security-related and secure coding regulatory requirements and frameworks, including DORA, NIST, ISO 27001 and other relevant standards
- Familiarity with audit processes and the ability to respond to client and auditor inquiries related to vulnerability management
- Experience using Power BI or similar tools to build dashboards from Jira or other data sources
- Certifications: General security (CISSP, Security+, GSEC); Cloud security (AWS Certified Security - Specialty, Azure Security Engineer Associate, GIAC Cloud Security Essentials, GIAC Public Cloud Security); vulnerability management (CompTIA CySA+, GIAC GCIH, CSSLP, GWAPT, or equivalent)
- Degree in Computer Science, Cybersecurity, Information Systems, or related field, or equivalent professional experience
Why Fitch
- Hybrid Work Environment: 2 to 3 days a week in office required based on line of business and location
- A Culture of Learning & Mobility: Dedicated trainings, leadership development and mentorship programs
- Investing in Your Future: Retirement planning, financial wellness and tuition reimbursement
- Promoting Health & Wellness: Comprehensive healthcare offerings
- Supportive Parenting Policies: Family-first policies including generous parental leave
- Dedication to Giving Back: Paid volunteer days and community engagement support
For more information visit our websites:
www.fitch.group | www.fitchratings.com | www.fitchsolutions.com
Fitch is committed to providing global securities markets with objective, timely, independent and forward-looking credit opinions. To protect Fitch's credibility and reputation, employees must avoid conflicts of interest. If selected, you may be asked to declare holdings or divest to prevent conflicts before beginning employment. Fitch is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, or other legally protected statuses.
- Location: Manchester, England, United Kingdom
- Salary: £100,000 - £125,000
- Job Type: Full-time
- Category: Finance