דרושים Cyber Threat Intelligence Technical Analyst ב-Bank Of America ב-United States, Colorado, Denver

Candidate must be willing to enroll in Associate Investment Monitoring due to the nature of the role and access.

What You’ll Do

• Analyze and Respond: Complete daily, continuous analysis of Endpoint Data Loss Prevent events (and others) with accurate results within the defined business SLA.
• Team Up for Impact: Collaborate with cyber security teams to drive both immediate and long-term global information security goals.
• Quality First: Participate in and contribute to the peer review process to maintain consistently high QA results.
• Close the Gaps: Identify and escalate potential policy gaps and enhancements to adapt to evolving risk landscapes.
• Share & Learn: Engage actively in team discussions and knowledge sharing to elevate group expertise.
• See the Bigger Picture: Use event metrics, escalation data, and trend analysis to proactively recommend, design, and implement improvements that reduce risk.

Why You’ll Love Working Here

• Global Impact: Your work will protect systems and data across multiple countries and industries.
• Collaborative Culture: Work alongside smart, driven peers who genuinely value teamwork.
• Hook Interest: Work within a technically complex, fast changing, and dynamic environment.
• Room to Grow: Opportunities to deepen expertise and influence global policies on a team that actively supports advancement.
• Flexibility: Hybrid friendly with opportunities for global collaboration.

Required Qualifications

• Experience: 3+ years of experience in information security or a related technology field.
• Breadth of Knowledge: Strong understanding of different security domains and industry leading DLP technologies.
• Threat Savvy: Experience spotting threats, vulnerabilities, and exploitation methods.
• Tech Literacy: Solid grasp of networking, system security, vulnerabilities, exploits, and common attack vectors.
• Problem-Solving Mindset: Intellectual curiosity, critical thinking, and a drive for proactive solutions.
• Communication Skills: Strong written and verbal skills; able to present technical topics to audiences of all levels.
• Self-Starter Energy: Comfortable navigating a geographically diverse, complex global corporation while collaborating effectively.

Desired Qualifications

• Certifications –Security+, Network+, CEH, CISSP, CySA+, CISA, CCNA, CCNP
• Familiarity with McAfee ePolicy Orchestrator (ePO) – Incident Manager
• Familiarity with Confluence / SharePoint
• Experience with Splunk
• Familiarity with JIRA
• Cloud security understanding with knowledge of CASB and DRM solutions

Skills:

• Cyber Security
• Data Privacy and Protection
• Problem Solving
• Process Management
• Threat Analysis
• Business Acumen
• Data and Trend Analysis
• Interpret Relevant Laws, Rules, and Regulations
• Risk Analytics
• Stakeholder Management
• Access and Identity Management
• Data Governance
• Encryption
• Information Systems Management
• Technology System Assessment

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Job Description:

Seeking a detail-oriented and proactive team member to help transform business data into clear, actionable insights. This role is responsible for supporting the creation, improvement, and automation of recurring reports, helping leaders make data-driven decisions. Generally requires 5 years of experience.

Key Responsibilities:
• Maintain and enhance recurring business reports to ensure stakeholders receive accurate and timely insights.
• Streamline and automate reporting processes to improve efficiency and reduce manual effort.
• Collaborate with team members and business partners to understand reporting needs and develop solutions that provide clarity and value.
• Support data organization and visualization efforts to help teams easily access and interpret information.
• Identify opportunities to improve reporting processes and deliver actionable recommendations.

REQUIRED QUALIFICATIONS
•
Experience in Alteryx, Tableau and SharePoint
• Strong attention to detail and organizational skills.
• Ability to work independently while collaborating with multiple stakeholders.
• Comfortable learning and working with tools that help organize, visualize, and automate data (experience with reporting or dashboards is a plus).
• Problem-solving mindset and eagerness to improve processes.

Your work will directly support business decisions by providing timely, clear, and accurate reporting. By improving and automating existing processes, you will help the team work more efficiently and focus on driving results.

Job Description:

Job Description:

The Cyber Security Regulatory Engagement Lead is responsible for developing and supporting responses for audit, regulatory and compliance requests. Key responsibilities include applying knowledge of laws, rules, regulations and information security concepts (e.g., NIST, COBIT, ISO) to develop and write clear documentation and communications. Job expectations include drafting written responses and partnering with Global Information Security teams to validate accuracy of proposed communications.

Responsibilities:

• Responsible for applying prior Cyber Security and/or Technology Infrastructure knowledge, and an understanding of law, rules and regulations (LRRs) to support the regulatory, audit and compliance requests.
• Will be expected to quickly prioritize work and execute process on time.
• Prior experience supporting information security or technology-related policies in a regulated environment is expected. This role will be require the candidate to partner internal stakeholders and senior leaders, analyze and convey complex data elements and information security topics, and develop and report on adherence activities against assigned tasks.
• While this is an individual contributor role, prior experience serving as a Lead or Functional Manager is required

Requirements:

• 7+ years of professional experience including at least 2 years as a Lead or Functional Manager
• Experience supporting Information Security policy, including Laws, Rules and Regulations in a regulated environment, strong preference for financial services
• Demonstratable knowledge of key information security concepts (e.g., NIST, COBIT, ISO)
• Ability to analyze and interpret, applicable laws, rules, and regulations and align to policies.
• Ability to provide legal and regulatory guidance in connection with firm policies, procedures, and guidelines.
• Ability to identify, understand and prioritize the needs of internal, external, prospective and existing customers in order to provide solutions, resolve problems, and address questions.
• Ability to draw upon past knowledge and experiences to find a solution and define a path of action.
• Ability to analyze and interpret data and trends and use insights gathered to inform and communicate statistical analysis results and/or predictions.
• Strong interpersonal skills with prior experience communicating and interfacing with senior leaders and technically minded SMEs in a IT based Policy Governance Lifecycle
• Ability to deep-dive and deconstruct complicated process to identify and validate adherence to LRRs and Policy

Skills:

• Clear written communication
• Interpret Relevant Laws, Rules, and Regulations
• Policies, Procedures, and Guidelines
• Problem Solving
• Quality Assurance
• Business Acumen
• Controls Management
• Innovative Thinking
• Process Management
• Stakeholder Management
• Business Process Analysis
• Data Governance
• Data Privacy and Protection
• Data and Trend Analysis
• Risk Analytics

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Job Description:

The Third Party Cyber Assurance Tech Manager is responsible for managing a portfolio of assessors charged for executing information security assessments with the bank's third parties located within the United States, LATAM and Canada. In this role, you will provide tactical

• Identification of process optimization opportunities, including technology and work flow enhancements
• Work across the assessment and remediation verticals to ensure processes are aligned to meet TPCA procedures end-to-end
• Assist with resource planning to ensure the program has the necessary resources to effectively execute their assessments
• Stay aware of emerging cybersecurity trends and help determine if/when to integrate item into the assessment program
• Support inquiries into the programs operations and/or assessment results from internal risk and support partners from GIS and the LOBs

• Experience communicating to Sr. Management
• Experience working within the risk framework to execute assessments
• Strong people management skills
• Ability to work independently on initiatives with little oversight; motivated and willing to learn
• Strong analytical skills/problem solving/conceptual thinking
• Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding
• Ability to direct personnel towards a set of goals and hold them accountable
• Experience developing and implementing new processes/procedures
• Experience working with global and/or virtual teams.

• Ability to work with Technical and Non-Technical business owners
• Experience in Sourcing/Vendor Management, Business Continuity & recovery, Data Transmission, Privacy domains
• Experience supporting regulatory or sector policy initiatives.
• Experience with assessments based on relevant threat intelligence (network penetration testing, Red Teaming, etc.).

Job Description:

Job Description:

Role Responsibilities

Required Skills:

• Direct experience performing threat hunting in an active corporate environment.
• 8+ years of experience in a technical role in the areas of Security Operation, Incident Response, Detection Engineering, Offensive Security/Red Team, or Cyber Threat Intelligence.
• Experience analyzing system, network, and application logging for attack techniques at all stages of the cyber kill chain.
• Direct experience working with very large datasets and log analysis tools including but not limited to: Splunk, Python, Pandas, SQL, Hadoop, Hue.
• Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways
• Ability to apply Cyber Threat Intelligence through enrichment, correlation, and attribution
• Familiarity with offensive security strategies and assessment methodology
• Experience explaining threat hunt objectives in plain English and able to communicate associated risk.
• Ability to see the larger picture when dealing with competing requirements and needs from across the organization in order to build consensus and drive results.
• Ability to navigate and work effectively across a complex, geographically dispersed organization.
• Experience with more than one or more enterprise scale EDR and SIEM tools.
• Previous experience performing digital forensics or indecent response on major security incidents.
• Demonstrated ability to self-direct, with minimal supervision to achieve assigned goals.

Beneficial but not required:

• Knowledge of basic Data Science concepts and processes.
• Experience with offensive security tools such as Cobalt Strike/Metasploit, techniques such as OSINT, and the methods used to compromise large enterprise networks.
• Experience performing security analysis and threat hunting in Cloud environments such as Azure, M365, AWS

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Job Description:

Job Description:

This is a highly technical role that requires broad technical knowledge and a deep understanding of threats and threat TTPs. You will lead and participate in advanced technical assessments that leverage red team, penetration testing, and vulnerability assessment tools and techniques to identify hi-risk vulnerabilities across a variety of technologies.You will coordinate with senior leadership on development projects, share your knowledge and experience by mentoring junior engineers, and assist the monitoring and response functions so those functions can practice and improve their capability to respond and recover against a realistic threat actor.

Required Skills:

• 5+ years of professional offensive security experience
• Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms to technical and non-technical audience.
• Must be very proficient with the common tools associated with red teaming, penetration testing, and vulnerability assessments (Metasploit, Burp Suite, Cobalt Strike, Kali, etc.).
• Must have a solid understanding of voice and data networks, major operating systems, active directory, their associated peripherals, and strong desire to learn new technologies and skill sets.
• Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups, and both state and non-state sponsored threat actors. Knowledge of MITRE ATT@CK framework.
• Ability to effectively code in a scripting language (Python, Perl, etc.)
• Advisory
• Innovative Thinking
• Technical Documentation
• Technology System Assessment
• Threat Analysis

Desirable Skills:

• Certifications: OSCP, GPEN, GXPN, OSCE, GWAPT,
• Ability to work remotely if/when necessary,
• Previous experience working in the financial industry,
• Typically has 5-10 years of experience in technology and offensive security assessments

This senior technical role is responsible for leading and performing assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policy, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business.