Who We are Looking For:

This role will be member of the Global Infrastructure Operations Continuous Service Improvement (CSI) team as part of 24*7*365 Production Management organization. An organization that delivers highly secure, reliable, efficient infrastructure technology operations services that are focused on the needs of all State Street business. Responsible for delivering continuous improvement across various infrastructure operations towers by supporting the ITIL framework to improve processes, which ultimately improve our business.

We are seeking a skilled Middleware Application Vulnerability Patch Remediation Specialist to join our team, responsible for identifying, prioritizing, and remedying vulnerabilities within our middleware applications and environments. The ideal candidate will have a strong background in middleware technologies, experience in vulnerability management, and a proactive approach to addressing security risks.

What you will be responsible for:

The right person for this role will have a strong track record of program management experience, the demonstrated ability to deliver multiple high priority projects simultaneously, the ability to drive alignment across teams with competing priorities and be a strong advocate for risk management.

Job Responsibilities:

· Individual will play a direct role in vendor management, overseeing the scheduling and implementation of the patching activities across all platforms.

· Support and Drive remediation of cyber risks identified by Global Cyber Security, Corporate Audit, Technology Risk Management and Regulators.

· Participate in engineering and technical solutioning to strengthen controls and improve effectiveness of the Patching & Compliance Program.

· Participate in the continuous improvement of the existing and the development of new automation solutions to enhance effectiveness of the program.

· Ensure the Patching & Compliance Program satisfies all Internal & External Regulatory and Compliance standards

· Support Regulatory and Audit inquiries providing insight to the Patching & Compliance Program and detailed evidence when requested.

· Provide Information Technology risk management and compliance support to ensure effective identification, measurement, control and management of the relevant risks

· Identify and manage IT risk by maintaining effective internal controls and escalating as appropriate any deficiencies to management and/or applicable technology governance boards.

· Drive Continuous Service Improvement by looking at lesson learns and gap analysis and implement improvement plans to document, update and improve daily operation procedures

· Develop reports using data that is hosted in multiple sources/tools (e.g., spreadsheets, dashboards) and communicate clearly to leadership and other cyber security teams

· Engage with Application engineering leads and SRE/IT teams to coordinate vulnerability remediation from technical and policy compliance perspectives

· Track and monitor key milestones or after significant change in the environment to identify network, infrastructure, and configuration vulnerabilities

· Perform ad-hoc data remediation, clean-ups, and reporting using large complex data sets for high-priority security remediations

· Conduct regular assessments and scans of middleware applications, platforms, and systems to identify vulnerabilities, security weaknesses, and misconfigurations.

· Collaborate with development teams, system administrators, and security analysts to prioritize and remediate identified vulnerabilities based on severity and potential impact.

· Research security advisories, vendor patches, and industry best practices related to middleware technologies (e.g., Apache Tomcat, IBM WebSphere, JBoss) to stay informed about emerging threats and patches.

· Develop and maintain patch management processes, procedures, and automation scripts to streamline vulnerability remediation efforts and ensure timely patch deployment.

· Coordinate with vendors and support teams to test and validate patches for compatibility, functionality, and stability before deployment in production environments.

· Monitor patch deployment progress, track remediation status, and maintain accurate records of patching activities and compliance.

· Provide technical guidance and support to IT teams and stakeholders regarding patching procedures, troubleshooting patch-related issues, and maintaining system availability and integrity.

· Perform root cause analysis of security incidents and breaches related to middleware vulnerabilities and implement corrective actions to prevent recurrence.

· Conduct vulnerability trend analysis and reporting to identify common vulnerabilities, recurring issues, and areas for improvement in the patch management process.

· Stay abreast of emerging technologies, security trends, and industry developments in middleware security to continuously enhance the organization’s security posture.

What we value

· Bachelor’s degree in computer science, information technology, or related field.

· 10+ years of experience in middleware administration, with a focus on vulnerability management and patch remediation.

· 10+ years of experience in Web Services Production Support

· Ability to effectively coordinate and communicate between technical teams and business stakeholders with varying technical proficiencies

· Strong understanding of middleware technologies, including application servers, web servers, messaging systems, and integration platforms.

· Experience with vulnerability assessment tools, patch management systems, and scripting languages for automation (e.g., Python, PowerShell).

· Knowledge of security principles, threat modeling, and common vulnerabilities affecting middleware applications and environments.

· Excellent analytical and problem-solving skills with the ability to prioritize and manage multiple tasks in a dynamic environment.

· Effective communication skills with the ability to collaborate across teams and convey technical information to non-technical stakeholders.

· Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or GIAC Certified Incident Handler (GCIH) are a plus.

This position offers the opportunity to play a key role in maintaining the security and resilience of our middleware infrastructure through proactive vulnerability management and patch remediation efforts. If you are passionate about middleware security and possess the technical expertise to address vulnerabilities effectively, we encourage you to apply.

Salary Range:

$135,000 - $217,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Job Application Disclosure:

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

State Street’s Speak Up Line