Sr. Analyst II - VAPT
As one of the world's leading independent global investment firms, Invesco is dedicated to rethinking possibilities for our clients. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world. If you're looking for challenging work, intelligent colleagues, and exposure across a global footprint, come explore your potential at Invesco.

Job Description

Key Responsibilities / Duties:
- Perform vulnerability assessments across a wide range of technologies and infrastructure using tools such as Qualys, including network and wireless infrastructure, servers, platforms, containers, cloud environments, and high-value assets.
- Review and analyze security vulnerability data to identify applicability and false positives.
- Assist with ongoing assessment of Invesco perimeter assets to identify exposures and weaknesses.
- Execute vulnerability triaging, escalation, and management workflows through innovation and continuous improvement.
- Provide internal remediation support through the design, implementation and integration of network infrastructure and information security controls.
- Participate in vulnerability management projects. Track deliverables and provide periodic updates to the leadership team. Escalate security and project risks in a timely manner.
- Respond appropriately to cyber risk incidents and the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody.
- Have a thorough understanding of technological requirements for Invesco's systems and provide guidelines to effectively mitigate security risks.
- Have a strong understanding of security compliance and perform compliance assessments using various tools across enterprise infrastructure, ensuring adherence to defined standards and controls.
- Have a solid understanding of CIS benchmarks, with the ability to review and analyse compliance scan reports and support teams in driving effective remediation activities.
- Have knowledge of cloud vulnerability management processes using tools such as Wiz, including continuous risk identification, assessment, and remediation across cloud environments.
- Drive automation capabilities using tools such as Splunk to improve operational efficiency and minimize manual effort.
- Utilize AI-driven capabilities to strengthen vulnerability management through advanced risk prioritization, automation, and proactive threat identification.
- Respond to ServiceNow tickets in a timely manner as needed.
- Keep current with industry best practices.
- Other duties as assigned.

Work Experience / Knowledge:
- 8+ years of experience in Information Security, with a strong focus on vulnerability management.
- Hands-on experience in cloud vulnerability management tools (e.g. Qualys, Wiz, CrowdStrike) for identifying, prioritizing, and remediating vulnerabilities across AWS and Azure environments.
- Strong understanding of patch management and remediation lifecycle processes.
- Proven expertise in SLA-driven vulnerability remediation tracking and enforcement.
- Experience managing the end-to-end vulnerability lifecycle: Identification → Triage → Risk Assessment → Remediation → Closure

Other Skills Required:
- Good interpersonal skills (written and oral communication) and ability to communicate technical information clearly and concisely, commensurate with the audience.
- Strong analytical skills with ability to define, collect, analyze data, establish facts, draw valid conclusions, and make sound decisions.
- Conceptual thinking and communication skills: the ability to conceptualize complex business and technical requirements into comprehensible models and templates.
- Must be a team player and motivated self-starter with ability to work independently and remotely with limited supervision.
- Maintain strict confidentiality of all security issues including legal investigations, Compliance, and HR data requests.

License / Registration / Certification:
- Preferred certification: Security+ / PenTest+ / CISSP / CCSP / AWS Cloud Practitioner.

Full Time / Part Time: Full time
Worker Type: Employee
Job Exempt (Yes / No): Yes

Workplace Model

At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office.

Why Invesco

At Invesco, we act with integrity and do meaningful work to create impact for our stakeholders. We believe our culture is stronger when we all feel we belong, and we respect each other's identities, lives, health, and well-being. We come together to create better solutions for our clients, our business and each other by bu