Senior Analyst-Infrastructure Operations_1888

Vulnerability Management [AVM] 

You are responsible for the local end-to-end vulnerability management process, you will manage local scan appliances and coordinate asset onboarding for IP- and agent-based scans, aligning with global policies. You perform compliance checks, manage authentication records, and conduct ad hoc scans as needed. You also generate and enrich monthly vulnerability reports and communicate the report with open findings to relevant teams/people. You track remediation efforts, escalate issues, when necessary, support teams in resolving vulnerabilities, and coordinate global remediation campaigns. You ensure effective communication and reporting on progress and KPIs. 

Operational Tasks 

1. Asset Onboarding and Scanning 

• Manage local scan appliances and coordinate the onboarding of assets for IP-based and agent-based scans, ensuring compliance with global scan policies. 

2. Agent Deployment and Compliance Checks 

• Coordinate the deployment of new Qualys agents with local teams and perform compliance checks on scan coverage and asset connectivity. 

3. Scan Management 

• Oversee weekly IP-based scans across various infrastructure components, manage authentication records, and conduct ad hoc scans as required. 

4. Reporting and Analysis 

• Generate monthly vulnerability reports, enrich them with local data, consolidate findings, and highlight high-priority issues for stakeholders. 

5. Remediation Tracking and Support 

• Track remediation efforts, escalate issues, support teams with expertise, and coordinate global remediation campaigns, ensuring effective communication and progress tracking. 

6. Communication and Reporting 

• Provide regular updates to local management, synchronize local and global reports, and manage whitelist requests for false positives. 
• Basic AI understanding is mandatory.

Hackability – Remediation Tracking [AVM] 

You will manage the monthly hackability reports received from Security Foundations (H4) for OE Allianz Switzerland, as well as the internal hackability report provided by the global SHARC team for the LE Allianz Technology Switzerland branch. These reports contain internal and external assets and their findings. For external reports, you will identify assets owned by OE and Allianz Technology's responsibilities as a service provider. You will assign findings to the appropriate remediation teams within the AzTec CH branch based on priority. The reports provide a list of findings and a Hackability Share, indicating the impact of each finding on the KPI. Allianz Technology is responsible for remediation across all assets for the internal report, focusing on findings not covered in the Vulnerability Report. These findings are typically from the Autobahn tool rather than Qualys. You will create Jira tasks for these findings, track progress, and support remediation teams with inquiries. You may receive assistance from Security Foundations. You will ensure that the agreed-upon KPI target is met. 

Operational Tasks 

1. Report Retrieval and Filtering 

• Monthly, retrieve Hackability Reports from SharePoint, filtering findings for which Allianz Technology is responsible. 

• For the Internal Hackability Report, concentrate on findings not included in the Vulnerability Report, typically sourced from the Autobahn tool. 

2. Task Creation and Prioritization 

• Address findings in the External Hackability Report to the appropriate remediation teams, focusing on OE-owned and SISP-responsible assets. 

• Create and assign Jira tasks for identified findings, incorporating recommended actions categorized as "Short-term / Tactical" to prioritize tasks and remediation efforts. 

• Provide relevant data such as affected business applications and IT Application Owners. 

3. Progress Tracking and Support 

• Track the progress of remediation tasks and support teams with inquiries, leveraging assistance from Security Foundations (H4) when necessary. 

4. Peer Alignment 

• Conduct a brief alignment with the OE peers under the OE CISO to ensure they manage their assigned findings. 

5. KPI Monitoring 

• Ensure remediation efforts align with maintaining the agreed KPI target, utilizing Hackability Share to assess impact. 

6. BugBounty Findings Evaluation and Coordination 

• Evaluate findings from the BugBounty program, ensure correct categorization, and coordinate remediation efforts with responsible teams. Manually calculate CVSS scores when necessary to determine the criticality and remediation timeframe. 

Allianz Group is one of the most trusted insurance and asset management companies in the world. Caring for our employees, their ambitions, dreams and challenges, is what makes us a unique employer. Together we can build an environment where everyone feels empowered and has the confidence to explore, to grow and to shape a better future for our customers and the world around us.  

At Allianz, we stand for unity: we believe that a united world is a more prosperous world, and we are dedicated to consistently advocating for equal opportunities for all. And the foundation for this is our inclusive workplace, where people and performance both matter, and nurtures a culture grounded in integrity, fairness, inclusion and trust. 

We therefore welcome applications regardless of ethnicity or cultural background, age, gender, nationality, religion, social class, disability or sexual orientation, or any other characteristics protected under applicable local laws and regulations. 

Join us. Let's care for tomorrow. 

Note: Having different strengths, experiences, perspectives and approaches is an integral part of Allianz‘ company culture. One means to achieve this is a regular rotation of Allianz Executive employees across functions, Allianz entities and geographies. Therefore, the company expects from its employees a general openness and a high motivation to regularly change positions and collect experiences across Allianz Group.