Cybersecurity Vulnerability Disclosure Analyst

Location: Westlake, TX, USA
Published: 3/12/2025
Full Time

Job Description:

Are you looking for an opportunity to innovate, pursue new technologies, solve problems, and contribute to high-profile projects? Do you want to join a firm that’s making significant annual investment in technology? Then you’ve found the right place.

Fidelity has new opportunities for Cybersecurity Vulnerability Assessors to assist with our Vulnerability Disclosure Team. You’ll have full access to virtual training and learning opportunities, plus dynamic working resources to help you stay connected.

The Vulnerability Disclosure Team’s mission is to protect Fidelity's assets and our customers’ livelihoods from the threat of exploitation by malicious adversaries.

This is done by proactively enabling third party security researchers to identify and responsibly disclose vulnerabilities in our systems in a positive, coordinated, and innovative manner.

The team works closely with several teams in our AppSec space.

Our Vision

  • We aspire to be a best-in-class responsible disclosure team, with fully engaged, passionate members.
  • Producing high-quality work in a consistent, effective, efficient, customer-oriented manner.
  • Providing competitive advantage to the firm and serving as a differentiator in the marketplace.
  • Serving as a role model for others across the Enterprise and wider industry.

Fidelity has a large and diverse portfolio of products. This provides for a varied and exciting role by giving the team the opportunity to work across a multitude of different areas of the business.

The Role

  • You will interact directly and indirectly with security researchers outside of Fidelity to discuss vulnerabilities and their impact on our environment
  • You will research and reproduce the security vulnerabilities reported through the program and develop timely remediation plans in collaboration with technical leadership across the business
  • You will develop, document, and operationalize the procedures necessary to action and respond to externally sourced security reports
  • You will communicate program results and trend analysis with stakeholders on a regular cadence to ensure continuous improvement of the overall enterprise cybersecurity program
  • As opportunities present, you will partner with other programs within our security assessments space, to include the Pre-Release Assessment team, to support proactive assessments of our environment.

The Expertise and Skills You Bring

  • Proficient technical knowledge of web applications and mobile technology.
  • Increasing proficiency in common web application vulnerabilities, and the ability to successfully execute attacks of trivial to moderate complexity.
  • Knowledge of how to defend against common web application vulnerabilities (OWASP Top 10)
  • Increasing proficiency in a programming language, ability to read multiple programming languages, and basic frameworks.
  • Knowledge of the essential features of tools used to validate reported vulnerabilities in code and running applications.
  • Hands-on experience with web application penetration testing
  • Hands-on experience with bug bounty and vulnerability disclosure programs would be preferred
  • Highly motivated with the willingness to take ownership / responsibility for your work and the ability to work alone or as part of a team.
  • Preferred: eWPT, eWPTX, CBBH, OSWE, or other industry recognized security certifications

The Team

The Vulnerability Disclosure Team forms part of the Security Assessment group within Enterprise Cybersecurity (ECS). The goal of the Security Assessment group is to proactively identify and remediate vulnerabilities in Fidelity’s applications and infrastructure. We work very closely with all of the key Business Units to ensure that they remain secure while they deliver key projects to advance the firm.

Category:

Information Technology

Fidelity’s hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.