Expoint – all jobs in one place
Finding a high-tech job at the best companies has never been easier

Senior Splunk Engineer jobs at Bank Of America in United States, Denver

Find your perfect match with Expoint! Search for job opportunities as a Senior Splunk Engineer in United States, Denver and join the network of leading companies in the high-tech industry, such as Bank Of America. Sign up now and find your dream job with Expoint!
21 jobs found
25.08.2025
BOA

Bank Of America Endpoint Security Engineer United States, Colorado, Denver

Limitless High-tech career opportunities - Expoint
Serves as a subject matter expert for one or more security engineering initiatives. Understands key business drivers for security engineering in regard to host-based security and proposes system designs, proposes...
Description:


This job is responsible for supporting multiple security engineering efforts to deliver enterprise security capabilities. Key responsibilities include serving as a subject matter expert of security technology, overseeing major engineering milestones including the design, development, and implementation of systems, and reporting on key metrics. Job expectations include executing on engineering initiatives, partnering with cross-functional teams, solving complex issues within one or more security domains, and mentoring team members. Experience with host-based security is highly desired.

Responsibilities:

  • Serves as a subject matter expert for one or more security engineering initiatives.
  • Understands key business drivers for security engineering in regard to host-based security and proposes system designs and implementation.
  • Serves as a knowledge base on the root causes of host-based vulnerabilities, exploitation techniques and potential mitigation mechanisms.
  • Serves as a subject matter expert on network traffic analysis (Layer 7, Layer 3, Layer 4) and attack patterns.
  • Possesses understanding of Machine Learning Algorithms.
  • Possesses understanding of certificate management, widely used encryption algorithms, digital signatures.
  • Possesses understanding of data lake tools, common API protocols.
  • Drives complex technical information security projects to ensure on-time delivery and identifies and raises risks and potential vulnerabilities at all stages of the security engineering process.
  • Leverages broad knowledge of information security technologies, techniques, and processes and prepares to grow knowledge within one or more security-engineering domains.
  • Leads the identification, definition, and documentation of system security requirements.
  • Leads work efforts with a diverse set of stakeholders with varying priorities to debate and negotiate paths forward.
  • Drives the development and execution of test plans to produce quantitative results and thinks outside the box to develop and implement multiple solutions to complex problems.

Required Qualifications:

  • 10+ years of Information Security experience in multiple domains.
  • 5+ years of experience configuring endpoint security programs, with a preference for at least 3 years of experience in CrowdStrike Falcon or similar, e.g., SentinelOne, MS Defender, Trellix or Symantec Endpoint solutions
  • Proven track record of deploying, configuring, and tuning enterprise EDRs
  • Experience writing and updating queries using CrowdStrike Query Language, Splunk Query Language or similar
  • This is an engineering role that requires designing, configuring and maintaining endpoint tools in production.
  • This role also requires solid understanding of networking (Firewall, DNS, Proxy, Log Analysis etc.)

Skills:

  • Influence
  • Result Orientation
  • Solution Design
  • Stakeholder Management
  • Technical Strategy Development
  • Access and Identity Management
  • Critical Thinking
  • Cyber Security
  • Information Systems Management
  • Risk Management
  • Collaboration
  • DevOps Practices
  • Financial Management
  • Solution Delivery Process
  • Test Engineering

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)

20.08.2025
BOA

Bank Of America Senior Splunk Engineer United States, Colorado, Denver

Minimum of 6+ years of experience in a technical role in the areas of Security Operations, Incident Response, Content Development or Equivalent Experience in a large Enterprise Splunk Environment performing...
Description:

Job Description:

Our Security Operations and Threat Response team within Bank of America’s Cyber Security Technology function works to continuously strengthen the bank’s cyber security posture through partnership and delivery of technology to support our content detection and threat hunt teams. This team works with partners in Cyber Security Operations to deliver robust technology solutions and support for detection engineering environments and content scenarios.

Required Qualifications:

  • Minimum of 6+ years of experience in a technical role in the areas of Security Operations, Incident Response, Content Development or Equivalent Experience in a large Enterprise Splunk Environment performing triage and administrative duties.
  • Direct experience performing content detection engineering and threat hunting in an active corporate environment.
  • Significant experience working with Splunk Procedure Language to create and tune detections.
  • Experience mapping data fields to a common data model such as CEF, OCSF.
  • Direct experience working with very large datasets and log analysis tools including but not limited to: Splunk, Python, Pandas, SQL, Hadoop, Hue
  • Ability to see the larger picture when dealing with competing requirements and needs from across the organization in order to build consensus and drive results.
  • Ability to navigate and work effectively across a complex, geographically dispersed organization.
  • Experience with enterprise scale EDR, SIEM, and SOAR tools.
  • Experience in requirements gathering around the Splunk tool, documenting requirements, requirement analysis, product testing, etc.
  • Splunk Infrastructure Management Experience/Knowledge
  • Collaborate with teams to monitor and optimize the performance of the Splunk environment, to ensure efficient data processing and search capabilities on our search heads.
  • Ability to troubleshoot, triage and resolve issues related to Splunk Infrastructure, ensuring high availability and reliability.
  • Experience in Splunk enterprise and Splunk Cloud

Data Ingestion and Parsing:

  • Design and implement data ingestion strategies for various log sources into Splunk.
  • Develop and maintain parsing configurations to normalize and enrich incoming data for effective analysis.
  • Collaborate with application owners and IT teams to onboard new data sources into Splunk.

Search and Reporting:

  • Create and optimize search queries and reports to extract valuable insights from the indexed data.
  • Customize and implement Splunk dashboards for different stakeholders to visualize key performance indicators and security metrics.

Security and Compliance:

  • Implement security best practices within Splunk to safeguard sensitive data.
  • Collaborate with the security team to configure and monitor alerts for suspicious activities or security incidents.
  • Ensure compliance with industry regulations and internal policies related to log management and data retention.

Automation and Scripting:

  • Develop automation scripts using SPL (Search Processing Language) and other scripting languages to streamline administrative tasks.
  • Continuously seek opportunities to improve efficiency through automation in Splunk processes.

Documentation and Training:

  • Maintain thorough documentation of Splunk configurations, processes, and troubleshooting procedures.
  • Provide training and support to other IT team members on Splunk best practices and usage.
  • Experience consuming, analyzing, and reporting Cyber Threat Intelligence for actionable takeaways
  • Demonstrated ability to self-direct, with minimal supervision to achieve assigned goals.

Desired Qualifications:

  • Experience with offensive security tools and integration of SIEM, SOAR, CSPM and other technical integrations within large enterprise networks.
  • Knowledge of basic Data Science concepts and processes.
  • Experience performing security analysis and threat hunting in Cloud environments such as Azure, M365, AWS
  • Experience maintaining KV Stores.
  • Experience performing regular updates/upgrades on Splunk Apps and Add-ons, as well as the Splunk environment as a whole.

Skills:

  • Influence
  • Result Orientation
  • Solution Design
  • Stakeholder Management
  • Technical Strategy Development
  • Access and Identity Management
  • Critical Thinking
  • Cyber Security
  • Information Systems Management
  • Risk Management
  • Collaboration
  • DevOps Practices
  • Financial Management
  • Solution Delivery Process
  • Test Engineering

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)

More jobs that may interest you

14.08.2025
BOA

Bank Of America Senior Engineer - Integration Lead United States, Colorado, Denver

Partner with cybersecurity experts to define requirements and success criteria. Lead the design and implementation of secure, scalable integration solutions for cybersecurity platforms. Define and enforce engineering standards for secure...
Description:

Job Description:

This job is responsible for defining and leading the engineering approach for complex features to deliver significant business outcomes.

Responsibilities:

  • Partner with cybersecurity experts to define requirements and success criteria

  • Lead the design and implementation of secure, scalable integration solutions for cybersecurity platforms.

  • Define and enforce engineering standards for secure APIs, data pipelines, and microservices.

  • Collaborate with security architects and platform engineers to ensure compliance with cybersecurity policies and frameworks.

  • Develop and maintain secure RESTful APIs for real-time and batch data processing.

  • Apply encryption, access control, and auditing mechanisms to protect sensitive data in transit and at rest.

  • Integrate with SIEM, SOAR, and threat intelligence platforms to enable automated detection and response.

  • Optimize performance and resilience of data ingestion and processing pipelines.

  • Mentor junior engineers and promote secure coding and integration best practices.

  • Document integration patterns, data flows, and security controls for audit and compliance purposes.

Required Qualifications:

  • 10+ years of experience in cybersecurity engineering, secure software development, or platform integration.

  • Strong programming skills in Java and Python, with experience in secure API development.

  • Experience with container orchestration platforms (Kubernetes, OpenShift) and infrastructure automation.

  • Knowledge of data streaming and processing platforms (Kafka, Databricks, Snowflake).

  • Data analytics experience using common security tools (Splunk, Hadoop, Spark, Python)

  • Hands-on experience with securing databases and implementing RBAC, encryption, and audit logging.

  • Understanding of secure software development lifecycle (SSDLC) and DevSecOps practices.

  • Ability to lead technical projects and collaborate with cross-functional teams.

  • A Master’s or Bachelor’s degree in Computer Science, Information Security, or a related field is helpful but experience is highly valued.

Skills:

  • Proven Cybersecurity expertise, preferably in Detection and Response related fields but other domains are also valued.

  • Deep expertise in secure software engineering, API security, and data protection best practices.

  • Hands-on experience designing and implementing secure data pipelines, ETL processes, and real-time streaming architectures (e.g., Kafka, Databricks).

  • Proficiency in Java, Python, and scripting languages for secure application and integration development.

  • Strong understanding of API security protocols (OAuth2, OpenID Connect, JWT) and OWASP API Security Top 10.

  • Experience with containerized and virtualized environments (Kubernetes, OpenShift, Docker, VMware).

  • Significant experience with cloud-native security controls and multi cloud architectures across AWS, Azure, and GCP

  • Expertise in securing relational and NoSQL databases (PostgreSQL, MongoDB) with encryption, RBAC, and auditing.

  • Experience with infrastructure-as-code, CI/CD pipelines, and DevSecOps practices.

  • Strong communication and collaboration skills to work across cybersecurity, engineering, and architecture teams.

  • Application Development

  • Solution Design

  • Agile Practices

  • Analytical Thinking

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)

14.08.2025
BOA

Bank Of America Senior Technology Manager – Security Operations Platform United States, Colorado, Denver

Deep expertise in cybersecurity operations, threat detection, and incident response workflows. Proven experience designing and deploying platforms that integrate SIEM, SOAR, TIP, EDR, and cloud-native telemetry. Strong understanding of federated...
Description:

Role Description:

As the development lead, you will drive the strategic vision for a multi environment platform that integrates security tools, telemetry, automation, and analytics into a unified experience. You will collaborate closely with SOC analysts, threat hunters, incident responders, and security engineers to ensure that the interface meets operational needs while reducing friction and improving response times.

Skills

  • Deep expertise in cybersecurity operations, threat detection, and incident response workflows.
  • Proven experience designing and deploying platforms that integrate SIEM, SOAR, TIP, EDR, and cloud-native telemetry
  • Strong understanding of federated data access, log normalization, and real-time streaming (e.g., Cribl, Kafka)
  • Familiarity with LLM orchestration frameworks (e.g., LangChain, LlamaIndex) and AI/ML-driven analytics
  • Experience with advanced SOAR Playbooks and/or AI Agents.
  • Experience with data modeling, schema mapping, and field correlation across hybrid/multi-cloud environments
  • Strong interpersonal and executive communication skills; ability to translate technical vision into business value
  • Demonstrated ability to lead cross-functional teams of engineers, data scientists, and security analysts
  • Experience with agile development, DevSecOps, and secure software lifecycle practices
  • Experience developing technology for MDR, or other large scale cybersecurity platform software providers.

Roles & Responsibilities

  • Partner to lead the development of an AI-augmented threat hunting and security operations platform that unifies telemetry, automation, and analytics
  • Architect and oversee the integration of federated data sources across cloud, on-prem, and legacy environments
  • Collaborate with cybersecurity teams and engineering teams to define use cases for LLMs in threat detection, log correlation, and contextual enrichment
  • Drive the implementation of a modular, scalable platform that supports real-time streaming, historical search, and AI-assisted investigation
  • Champion the use of structured data models and field taxonomies (e.g., OCSF, ECS) to enable semantic search and automation
  • Integrate LLMs to support use cases such as data cataloging, field mapping, log summarization, and hypothesis-driven hunting
  • Establish performance metrics and feedback loops to continuously improve platform usability, detection efficacy, and analyst productivity
  • Partner with SOAR teams to develop agent-based playbooks for automated context gathering and response
  • Ensure platform security, compliance, and auditability across all integrated components

Required Qualifications:

  • 10+ years of experience in cybersecurity engineering, threat detection, or security platform development
  • 7+ years of leadership experience managing cross-functional technical teams
  • Strong background in building or integrating security data platforms (e.g., Splunk, Elastic, Chronicle, Snowflake, Anvilogic)
  • Experience with cloud-native security architectures (AWS, Azure, GCP) and hybrid infrastructure
  • Familiarity with LLMs, vector databases, and AI/ML pipelines for security use cases
  • Hands-on experience with log streaming, data normalization, and federated search technologies (e.g., Cribl, Trino, Anvilogic)
  • Deep understanding of SOC workflows, threat hunting methodologies, and MITRE ATT&CK framework
  • Experience with API-based integrations, open-source security tooling, and secure platform design
  • Secure Coding experience.

Managerial Responsibilities:
This position may also have responsibilities for managing associates. At Bank of America, all managers at this level demonstrate the following responsibilities, in addition to those specific to the role, listed above.

  • Opportunity & Inclusion Champion: Models an inclusive environment for employees and clients, aligned to company Great Place to Work goals.
  • Manager of Process & Data: Demonstrates deep process knowledge, operational excellence and innovation through a focus on simplicity, data based decision making and continuous improvement.
  • Enterprise Advocate & Communicator: Communicates enterprise decisions, purpose, and results, and connects to team strategy, priorities and contributions.
  • Risk Manager: Ensures proper risk discipline, controls and culture are in place to identify, escalate and debate issues.
  • People Manager & Coach: Provides inspection, coaching and feedback to motivate, differentiate and improve performance.
  • Financial Steward: Actively manages expenses and budgets in alignment with objectives, making sound financial decisions.
  • Enterprise Talent Leader: Assesses talent and builds bench strength for roles across the organization.
  • Driver of Business Outcomes: Delivers results by effectively prioritizing, inspecting and appropriately delegating team work.

Skills:

  • Influence
  • Risk Management
  • Solution Design
  • Stakeholder Management
  • Technical Strategy Development
  • Analytical Thinking
  • Application Development
  • Collaboration
  • Result Orientation
  • Solution Delivery Process
  • Agile Practices
  • Architecture
  • Automation
  • Data Management
  • DevOps Practices

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)

13.08.2025
BOA

Bank Of America Senior Manual Ethical Hacker United States, Colorado, Denver

Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value...
Description:

Job Description:

This senior technical role is responsible for performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiple lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code.

Key Responsibilities in order of importance:

  • Perform assigned analysis of internal and external threats on information systems and predict future threat behavior.
  • Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks.
  • Developing Proof-of-concepts for exploitation.
  • Perform assessments of the security, effectiveness, and practicality of multiple technology systems.
  • Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security.
  • Prepare and present detailed technical information for various media including documents, reports, and notifications.
  • Provide clear and practical advice regarding managing risks.
  • Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills.
  • Respond to security incidents and provide technical assistance to leadership across the Information Security organization.

Required Skills:

  • Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment
  • Detailed technical knowledge in at least 5 of the following areas:
    • security engineering
    • application architecture
    • authentication and security protocols
    • application session management
    • applied cryptography
    • common communication protocols
    • mobile frameworks
    • single sign-on technologies
    • exploit automation platforms
    • Web APIs
    • Cloud environments
    • LLM security
  • Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings
  • Experience performing manual web application assessments, i.e., must be able to simulate OWASP Top 10 vulnerabilities without the use of tools
  • Experience performing manual code reviews for security relevant issues
  • Experience working with DAST and SAST tools to identify vulnerabilities
  • Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies)
  • Experience with vulnerability assessment tools and penetration testing techniques.
  • Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction
  • Threat Analysis, threat modelling and SBOM analysis
  • Innovative thinking, threat actor simulation
  • Technology Systems Assessment
  • Technical Documentation
  • Advisory

Desired:

  • CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy]
  • Strong programming/scripting skills

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)

09.06.2025
BOA

Bank Of America Endpoint Security Engineer United States, Colorado, Denver

Serves as a subject matter expert for one or more security engineering initiatives. Understands key business drivers for security engineering in regard to host-based security and proposes system designs, proposes...
Description:


This job is responsible for supporting multiple security engineering efforts to deliver enterprise security capabilities. Key responsibilities include serving as a subject matter expert of security technology, overseeing major engineering milestones including the design, development, and implementation of systems, and reporting on key metrics. Job expectations include executing on engineering initiatives, partnering with cross-functional teams, solving complex issues within one or more security domains, and mentoring team members. Experience with host-based security is highly desired.

Responsibilities:

  • Serves as a subject matter expert for one or more security engineering initiatives.
  • Understands key business drivers for security engineering in regard to host-based security and proposes system designs and implementation.
  • Serves as a knowledge base on the root causes of host-based vulnerabilities, exploitation techniques and potential mitigation mechanisms.
  • Serves as a subject matter expert on network traffic analysis (Layer 7, Layer 3, Layer 4) and attack patterns.
  • Possesses understanding of Machine Learning Algorithms.
  • Possesses understanding of certificate management, widely used encryption algorithms, digital signatures.
  • Possesses understanding of data lake tools, common API protocols.
  • Drives complex technical information security projects to ensure on-time delivery and identifies and raises risks and potential vulnerabilities at all stages of the security engineering process.
  • Leverages broad knowledge of information security technologies, techniques, and processes and prepares to grow knowledge within one or more security-engineering domains.
  • Leads the identification, definition, and documentation of system security requirements.
  • Leads work efforts with a diverse set of stakeholders with varying priorities to debate and negotiate paths forward.
  • Drives the development and execution of test plans to produce quantitative results and thinks outside the box to develop and implement multiple solutions to complex problems.

Qualifications:

  • 10+ years of Information Security experience in multiple domains.
  • Hands on experience with host-based protection, detection tools.
  • Hands on experience with Cloud and Mobile Security.
  • Hands on experience with automation.
  • Hands on experience with query languages.
  • This is an engineering role that requires designing, configuring and maintaining endpoint tools in production.
  • This role also requires solid understanding of networking (Firewall, DNS, Proxy, Log Analysis etc.)

Skills:

  • Influence
  • Result Orientation
  • Solution Design
  • Stakeholder Management
  • Technical Strategy Development
  • Access and Identity Management
  • Critical Thinking
  • Cyber Security
  • Information Systems Management
  • Risk Management
  • Collaboration
  • DevOps Practices
  • Financial Management
  • Solution Delivery Process
  • Test Engineering

1st shift (United States of America)

19.05.2025
BOA

Bank Of America Release Train Engineer United States, Colorado, Denver

Coordinating and facilitating the Solution Train ceremonies, managing dependencies, providing visibility into the health of epic and feature delivery and the overall program increment. Promoting agile principles and mindsets through...
Description:

Job Description:

The Release Train Engineer is responsible for optimizing the flow of epics, features, and the value delivered by a smaller Agile Release Train, such as a Solution Train.

Key responsibilities include:

  • Coordinating and facilitating the Solution Train ceremonies, managing dependencies, providing visibility into the health of epic and feature delivery and the overall program increment
  • Promoting agile principles and mindsets through coaching
  • Job expectations include ensuring impediments to epic and feature delivery are resolved quickly to avoid disruptions
  • Organization of work objectives, coordinating delivery, facilitating sync points across teams, providing end-to-end visibility into the health of the deliverables, and managing program risk
  • Guides and coaches leaders, teams, and Scrum Masters in the Agile Release Train on Agile practices and develops their understanding of Agile principles
  • Executes program increment session for release train and facilitates Agile release train ceremonies
  • Provides status updates regarding Agile Release Train plans, delivery, timelines, and impediments to stakeholders and leadership while communicating within the Agile Release Train to support delivery against program commitments
  • Manages risk including dependency management, impediment removal, and compliance with Enterprise Change Management and other policy requirements
  • Measures Agile Release Train delivery, maturity, and performance and reviews the metrics with the Agile Release Train to identify improvement opportunities
  • Collaborates with the product management team and ensures the program has a healthy product and program backlog
  • Defines norms and agreements for the Agile Release Train and enforces the agreements
  • Facilitates communication and collaboration across organizations to support the deliverable completion and timeline

Required Qualifications:

  • 5+ years of experience in Technology change management, following the BofA Enterprise Change Policy
  • 5+ years of experience with Enterprise Change Management tools such as JIRA, and ITSM Remedy (e.g., Release Manager, Change Management, Incident Management) application tools
  • 5+ years of experience working on a Technology team supporting application or infrastructure components in various roles such as Technology Project Manager (TPM) or as a Test lead, or Release change lead

Desired Qualifications:

  • Technology Project Management skills with emphasis on the understanding of the BofA Change Lifecycle
  • Strong organizational skills
  • Strong verbal and written skills; able to lead conference calls with confidence
  • Able to drive the successful closure of issues that impact their space or change event
  • Independent worker, self-motivated
  • Able to work closely with onshore U.S. and global partners, with emphasis on building strong relationships and exchanging information

Skills:

  • Critical Thinking
  • Data Privacy and Protection
  • Information Systems Management
  • Problem Solving
  • Technology System Assessment

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)
