דרושים Malware Threat Intelligence Control Owner ב-Bank Of America ב-United States, Chicago

Job Description:

This job requires partnership with business function leaders, operations process owners and subject matter experts (SMEs), to provide an end to-end view of their processes, analyze impacts and data, and contribute to the optimization of the organization through data accuracy and completeness.

Key responsibilities include applying knowledge of laws, rules, regulations, and information security concepts (e.g., NIST, COBIT, ISO) to validate indicative data alignment to processes and controls to requirements.
Job expectations include using data analytics, identifying gaps in coverage and data inaccuracies, and support remediation activities.

At least 3 years of related experience required.

Responsibilities:
• Manage the process inventory, reflecting accurate information that supports effective decision making, and ensuring compliance to enterprise policy and standard requirements
• Ensures process information meet enterprise standards, adhere to applicable rules, laws, and regulations, and comply with appropriate treatment of risk
• Identifies information security gaps and remediation strategies
• Process analysis to improve data accuracy and completeness
• Process improvements based on enterprise and Global Technology guidelines, organization maturity, challenges and issue remediation
• Provide end-to-end high-quality view of processes within business functions with proper identification of hand-offs and process connectors
• Support the organization’s short-and-long term strategy
• Supports a strategy of continuous improvement and acts as liaison with Global Technology and Enterprise Process Management teams
• Prepare presentations and process overview utilizing models and complementary data to assist leaders in process re-engineering activities
• Partner with stakeholders to ensure the inventory aligns to GIS policy and standard requirements in support of adherence monitoring

Required Qualifications:
• Prior related experience or business exposure desired and strong delivery mindset
• Analytical and design-oriented mindset
• Data analytics and Problem Solving
• Data driven and Trend Analysis
• Delivery Excellence
• Strong presentation skills
• Excels in working among diverse viewpoints to determine the best path forward
• Excellent verbal and communications skills
• Quality Assurance
• Innovative and Critical thinking skills – ability to assess quantitative and qualitative data to identify key themes that require deeper analysis and assessmentOther Qualifications/Desired Skills:
• Ability to identify opportunities from a process efficiency perspective and continuously challenge current state of GIS processes
• Prior experience in Information Security desirable
• Preferred process improvement and Operational Excellence exposure
• Ability to understand new technologies, intellectually curious
• Commitment to challenging the status quo and promoting positive change
• Experience working in a global environment

Skills:

• Customer and Client Focus

• Interpret Relevant Laws, Rules, and Regulations

• Policies, Procedures, and Guidelines

• Problem Solving

• Quality Assurance

• Business Acumen

• Controls Management

• Innovative Thinking

• Process Management

• Stakeholder Management

• Business Process Analysis

• Data Governance

• Data Privacy and Protection

• Data and Trend Analysis

• Risk Analytics

Job Description:

Job Description:

Role Responsibilities:

• Develop and execute a comprehensive strategy for integrating AI into Cyber Threat Defense operations.
• Build and lead a team of AI engineers, data scientists, and security professionals focused on applying AI to threat detection, response automation, and adversarial simulation.
• Partner with GIS operational and technical teams to identify opportunities for AI-driven enhancements to security controls and architecture.
• Lead the design and deployment of AI-powered tools for threat hunting, anomaly detection, and automated incident response.
• Oversee the development and operationalization of custom ML/LLM models tailored to cybersecurity use cases.
• Guide architectural transformations to support scalable AI integration across the enterprise.
• Serve as a thought leader and subject matter expert on AI in cybersecurity, advising senior leadership and influencing enterprise-wide strategy.
• Ensure responsible and ethical use of AI in security operations, including model governance, bias mitigation, and explainability.
• Collaborate with offensive security teams to develop AI-enhanced red teaming and adversarial emulation capabilities.
• Drive innovation in proactive defense mechanisms using predictive analytics and autonomous threat response.

Required Qualifications

• Proven leadership in building and managing AI-focused cybersecurity teams.
• 7+ years of hands on experience in cybersecurity, specifically in Offensive Security or Threat Defense Operations.
• Hands-on experience building agentic AI systems, LLMs, and custom ML model development.
• Strong understanding of offensive security tactics and how AI can enhance red teaming, attack path mapping, and threat modeling.
• Experience leading large-scale technical projects involving security data pipelines, model deployment, and automation.
• Deep knowledge of cyber threat actor behaviors, attack vectors, and defensive countermeasures.
• Ability to translate complex technical concepts into actionable strategies for senior executives.
• Familiarity with AI governance, model risk management, and regulatory considerations in financial services.
• Demonstrated ability to drive consensus across diverse stakeholders and influence enterprise-wide initiatives.
• Strong communication and presentation skills, especially in executive and cross-functional settings.

Desired Qualifications

• Experience with enterprise cloud AI development platforms such as Azure AI Foundry, AWS Bedrock, or GCP Vertex
• Experience with AI-enhanced SOAR (Security Orchestration, Automation, and Response) platforms.
• Experience with modern data platforms, cloud-native architectures
• Familiarity with adversarial machine learning and AI security risks.
• Background in data engineering, feature engineering, and model lifecycle management.
• Prior work in regulated industries with a focus on compliance and risk mitigation.

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

This job is responsible for leading evaluations of cyber security threats and enhancing defensive capabilities to reduce the bank's risk of exposure. Key responsibilities include conducting analyses of the threat environment and threats to the bank, including post incident analysis, applying a multi-faceted situational awareness of cyber security process to protect against threats, and implementing proactive defensive actions for the security, continuity, and confidentiality of information.

Key Responsibilities
• Control Ownership & Governance:
• Own and manage malware controls related to cloud and mobile platforms. Ensure controls are effective, measurable, and aligned with enterprise risk tolerance.
• Threat Management & Response:
• Collaborate with incident response teams to triage and respond to malware threats targeting cloud and mobile environments. Support post-incident reviews and drive improvements.
• Technology Risk Oversight:
• Identify and assess risks associated with cloud and mobile malware threats. Partner with risk and oversight teams to implement mitigation strategies.
• Operational Integration:
• Work across operational teams to integrate malware controls into existing workflows and technologies. Ensure seamless execution and reporting of control effectiveness.
• Metrics & Reporting:
• Develop and maintain operational metrics and dashboards to track control performance. Provide regular updates to leadership and stakeholders.
• Collaboration & Communication:
• Engage with cross-functional teams including GIS, cloud engineering, mobile development, and enterprise risk. Communicate technical findings and strategic recommendations clearly to both technical and non-technical audiences.
• Continuous Improvement:
• Stay current with emerging malware tactics targeting cloud and mobile platforms. Lead initiatives to enhance detection, prevention, and response capabilities.

Minimum 5 Years of Experience

• 5+ years of experience in malware analysis and incident response, with a focus on cloud and/or mobile platforms.
• Strong understanding of cloud service provider security models (AWS, Azure, GCP).
• Experience with mobile malware analysis (Android/iOS), including static and dynamic techniques.
• Familiarity with cloud-native security tools and mobile threat defense platforms.
• Ability to assess malware threats and extract Indicators of Compromise (IoCs).
• Strong documentation and reporting skills.
• Experience working in large enterprise environments with cross-functional teams.

Desired Qualifications
• Experience with sandbox technologies and virtualized analysis environments.
• Knowledge of mobile app reverse engineering tools (e.g., JADX, Frida, MobSF).
• Familiarity with cloud logging and monitoring tools (e.g., CloudTrail, Azure Monitor).
• Experience with SIEM platforms and event correlation.
• Knowledge of forensic artifacts in cloud and mobile environments.
• Experience with mobile security products like Lookout, CrowdStrike Mobile
• Experience with Microsoft Defender, Microsoft Sentinel, AWS Guard Duty, Google Cloud Security Center)

Certifications (Desired but not Required)
• CCSP, CCSK, GPCS, GMOB, GCIH, GREM, GCFA, GCFE, CISSP, or equivalent certifications.

Skills:

• Cyber Security

• Data Privacy and Protection

• Problem Solving

• Process Management

• Threat Analysis

• Access and Identity Management

• Business Acumen

• Interpret Relevant Laws, Rules, and Regulations

• Risk Analytics

• Stakeholder Management

• Data Governance

• Data and Trend Analysis

• Incident Management

• Information Systems Management

• Technology System Assessment

Job Description:

Job Description:

Role Responsibilities:

• Partner with GIS operational and technical teams to identify opportunities for AI-driven enhancements to security controls and architecture.
• Drive the technical implementation of the design and deployment of AI-powered tools for threat hunting, anomaly detection, and automated incident response.
• Oversee the development and operationalization of custom ML/LLM models tailored to cybersecurity use cases.
• Guide architectural transformations to support scalable AI integration across the enterprise.
• Act as a technical expert on AI-driven cybersecurity initiatives, mentoring junior engineers and analysts.
• Prototype and evaluate emerging AI technologies for applicability in cyber threat detection and response.
• Serve as a thought leader and subject matter expert on AI in cybersecurity, advising senior leadership and influencing enterprise-wide strategy.
• Ensure responsible and ethical use of AI in security operations, including model governance, bias mitigation, and explainability.
• Collaborate with offensive security teams to develop AI-enhanced red teaming and adversarial emulation capabilities.
• Drive innovation in proactive defense mechanisms using predictive analytics and autonomous threat response.

Required Qualifications

• 7+ years of hands on experience in cybersecurity, preferably Offensive Security or Cyber Threat Operations
• Hands-on experience building agentic AI systems, LLMs, and custom ML model development.
• Experience with enterprise cloud AI development platforms such as Azure AI Foundry, AWS Bedrock, or GCP Vertex
• Strong understanding of offensive security tactics and how AI can enhance red teaming, attack path mapping, and threat modeling.
• Experience leading large-scale technical projects involving security data pipelines, model deployment, and automation.
• Deep knowledge of cyber threat actor behaviors, attack vectors, and defensive countermeasures.
• Ability to translate complex technical concepts into actionable strategies for senior executives.
• Familiarity with AI governance, model risk management, and regulatory considerations in financial services.
• Experience with modern data platforms, cloud-native architectures, and MLOps frameworks.
• Demonstrated ability to drive consensus across diverse stakeholders and influence enterprise-wide initiatives.
• Strong communication and presentation skills, especially in executive and cross-functional settings.

Desired Qualifications

• Experience with AI-enhanced SOAR (Security Orchestration, Automation, and Response) platforms.
• Familiarity with adversarial machine learning and AI security risks.
• Background in data engineering, feature engineering, and model lifecycle management.
• Experience with open-source AI frameworks (e.g., PyTorch, TensorFlow, LangChain).
• Prior work in regulated industries with a focus on compliance and risk mitigation.

Skills:

• Artificial Intelligence
• Critical Thinking
• Threat Analysis
• Cyber Security
• Data Privacy and Protection
• Data and Trend Analysis
• Stakeholder Management

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Job Description:

Job Description:

Key Responsibilities:

• Develop and maintain security detection use cases across DLP channels (e.g., endpoint, cloud, network).
• Drive tuning and refinement of detection logic to improve fidelity and reduce false positives.
• Leverage knowledge of proxy architectures and internet connectivity patterns to optimize detection logic, ensure visibility and address evasion techniques.
• Partner with control owners (e.g., DLP, Email, Endpoint) to ensure detection alignment with business risk and policy coverage.
• Design and document automation playbooks to support consistent detection response workflows, ensuring they can be operationalized by the appropriate teams.
• Consult with policy and control owners on new projects and proposed changes to ensure detection coverage remains effective and aligned to data protection requirements.
• Review proposed control changes and new technology integrations to validate they meet detection and monitoring requirements.
• Map detection logic to threat models, including MITRE ATT&CK, and continuously evaluate coverage gaps.
• Collaborate with Response Managers, Threat Intelligence, and Engineering to validate and optimize alerting logic.
• Translate validated adversary behaviors from hunt exercises, threat intelligence, and incident trends into refined detection use cases and tuning strategies.
• Perform targeted detection-focused hunts within DLP channels to validate coverage and identify gaps.
• Review detection health and signal integrity, and lead quality assurance of rule performance.
• Create and maintain runbooks and detection documentation to support SOC operations and audit requirements.
• Provide technical oversight and mentorship to analysts and detection stakeholders across regions.
• Collaborate with audit and risk teams to demonstrate detection control effectiveness and alignment to regulatory expectations.

Core Competencies:

• Strong analytical skills with the ability to identify detection gaps and operational inefficiencies.
• Excellent communication and documentation skills; able to translate technical content for various audiences.
• Proactive, collaborative, and capable of working across global teams.
• Adept at managing competing priorities and leading through influence.

Required Qualifications

• 7+ years of experience in cybersecurity roles with a focus on detection, security operations, or threat response.
• Deep knowledge of SIEM platforms, EDR, DLP, UEBA, and cloud telemetry (e.g., Splunk, CrowdStrike, Symantec, Microsoft Purview, Sentinel, Wiz).
• Experience collaborating with threat hunting or conducting targeted hunts to identify detection gaps and inform use case development
• Familiarity with structured detection logic (EDM, Regex, YARA, Sigma) and signal tuning principles.
• Strong understanding of MITRE ATT&CK and threat-informed defense frameworks.
• Experience in regulated industries (e.g., financial services) preferred.

Skills:

• Cyber Security
• Data Privacy and Protection
• Problem Solving
• Process Management
• Threat Analysis
• Business Acumen
• Data and Trend Analysis
• Interpret Relevant Laws, Rules, and Regulations
• Risk Analytics
• Stakeholder Management
• Access and Identity Management
• Data Governance
• Encryption
• Information Systems Management
• Technology System Assessment

Job Description:

The Critical Application Monitoring Control Specialist role will execute against the Cyber Security Application Monitoring strategy by building detection use case parameters for critical applications. To succeed in this role, you should have enterprise level experience translating business requirements into technical requirements, worked with Splunk and/or other logging technologies, and be able to discuss Cyber Security detections with Application Managers.

You should also possess strong written and verbal communication skills including ability to communicate clearly and concisely to various levels, up to and including executive level management, and explain the need for key controls to technical and non-technical resources.

Technical skills required include but not limited to:
• Enterprise Business Analysis
• Information Security Controls
• Enterprise Risk Management
• Application Security
• Splunk and/or other logging technologies
• Ability to read, understand and interpret application logs

Required Qualifications:
• Minimum of 5 years of enterprise IT or Cybersecurity (preferred) experience
• Previous information technology/application oversight/logging and monitoring experience
• Ability to work both independently as well as part of a team
• Ability to plan, execute and document assessment activities following established processes and procedures

Skills:

• Customer and Client Focus

• Interpret Relevant Laws, Rules, and Regulations

• Policies, Procedures, and Guidelines

• Problem Solving

• Quality Assurance

• Business Acumen

• Controls Management

• Innovative Thinking

• Process Management

• Stakeholder Management

• Business Process Analysis

• Data Governance

• Data Privacy and Protection

• Data and Trend Analysis

• Risk Analytics