Job Description:
The Attack Surface Visibility and Analysis team is responsible for data mining efforts to identify and understand the firm’s Attack Surface. You will leverage tools like Hue (Hive and Impala), Power BI, SQL Server, Cloudera, .NET and Python to design, create and prepare queries and visualizations for other Global Information Security groups, under the supervision of the Attack Surface Visibility and Analysis Manager. Work as part of a team developing methods to quickly reference systems of record (SOR’s), systems of origin (SOO’s) and other available data stores for a comprehensive reliable and timely view of the Bank’s attack surface and vulnerability exploitability potential, with the goal of enabling answers to the following three questions as quickly as possible.
- Do we have it?
- Are we vulnerable?
- Is it exploitable?
The position will also focus on
- Automation of research activities and improved integration into vulnerability management processes
- Collaboration with stakeholders to create repeatable and defensible processes to identify asset-specific risks and mitigating factors within the environment.
- Drive thought leadership on how existing vulnerability management activities can adapt to effectively meet operational demands or dependencies and improved risk analysis and stratification
- Development of feedback loops to accountable teams when research uncover areas of concern, including data quality issues.
- Proactive identification of improvement opportunities based on past experience and future expectations, leading to enhanced tools & processes
- Leverage expertise in data and asset analysis to develop proactive vs. reactive pathways for escalation of hidden gaps in controls or processes.
- Develop proof of concept or tactical reporting and, upon successful testing, work to transition to enterprise level tooling teams.
- Ability to communicate clearly and effectively with both technology/development and business partners.
Qualifications:
- 10 years of IT experience with a minimum of 5 years of those focused on IT system development work with large data stores. Candidate must also be able to perform analysis against result sets to identify gaps, trends, or actionable information.
- Hands-on experience with large datasets and tools including data ingestion (batch & real time), transformation and delivery
- Exceptional executive presentation and communication skills
- Excellent influencing and problem resolution skills
- SQL development
- MS-Reporting Services (SSRS)
- MS-Integration Services (SSIS)
- Hue (Hive and Impala)
- Strong analytical skills/problem solving/conceptual thinking.
- Ability to perform analysis against result sets to identify gaps, trends, or actionable information.
Desired:
- Degree in Computer Science, Information Technology or equivalent experience
Skills:
- Critical Thinking
- Customer and Client Focus
- Information Systems Management
- Problem Solving
- Threat Analysis
- Cyber Security
- Policies, Procedures, and Guidelines Management
- Quality Assurance
- Risk Analytics
- Technology System Assessment
- Business Acumen
- Business Intelligence
- Data Privacy and Protection
- Data and Trend Analysis
- Stakeholder Management
1st shift (United States of America)