Cyber Risk Analyst, AVP

Job Description

Job Description

New York, NY (Hybrid)

Salary Range : $110,000 - $130,000

The Cyber Risk Analyst acts as a subject matter expert in vulnerability management and plays a key role in mitigating enterprise risk for Apple Bank. This position is responsible for utilizing the Qualys platform to identify, assess, and prioritize vulnerabilities, while collaborating closely with IT and other business units throughout the organization to facilitate prompt remediation. Additionally, the Analyst will support security information and event management (SIEM) operations, identity monitoring, and broader security operations center (SOC) activities in coordination with the Bank’s managed security service provider (MSSP).

ESSENTIAL DUTIES & RESPONSIBILITIES

• Act as a subject matter expert on vulnerability management, providing guidance on the identification, assessment, and remediation of vulnerabilities using Qualys.
• Perform regular Qualys scans, validate results, and prioritize findings based on risk and business impact.
• Partner with IT teams and system owners to recommend remediation strategies, apply compensating controls, and track remediation progress.
• Provide input on vulnerability management processes and help refine workflows to improve efficiency and reduce risk exposure.
• Generate key performance and risk metrics to demonstrate vulnerability management progress and security value to management.
• Integrate vulnerability data into SIEM platforms to improve detection capabilities and incident response readiness.
• Recommend new detections for SIEM data sources and continuously tune existing detections to reduce false positives and improve visibility into true threats.
• Investigate identity-related alerts using Microsoft Defender for Identity to detect compromised accounts and abnormal activity.
• Support proactive investigations into malware, phishing, and anomalous behaviors with a focus on identifying root causes and driving remediation.
• Maintain up-to-date documentation and playbooks for vulnerability management activities, SOC processes, and detection use cases.
• Stay current on emerging threats, newly disclosed common vulnerabilities and exposures (CVEs), and attack techniques to advise leadership on risk implications.
• Provide timely reporting on open vulnerabilities, remediation status, SOC tickets, and overall incident trends.
• Perform additional duties as assigned.

SKILLS, EDUCATION, & EXPERIENCE

Visa sponsorship not available.

We are an equal opportunity employer and do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, military and / or veteran status, or any other Federal or State legally-protected classes.