Bank Of America Cyber Threat Purple Team 

United States, Illinois, Chicago 

451129001

Required Skills:

• Experience in a technical role in the areas of Security Operations, Detection Engineering, Threat Intelligence, Penetration Testing, Red Teaming, Purple Teaming, Threat Hunting or Incident Response
• A strong understanding of system internals and security mechanisms related to the Windows Operating system and Active Directory
• Experience working with Windows security logging in either a forensic, threat hunt, incident response investigation, or red team operational security research capacity
• Experience querying log sources within large centralized logging platforms, e.g. Splunk, Elastic, Cloudera, SQL
• A strong understanding of networking including how firewalls, load balancers, and proxies function within a large enterprise network
• Understand system and network telemetry generated by Endpoint Detection and Response (EDR) tools
• Demonstrate understanding of Application Allowlisting and Application Control concepts
• Functional understanding of how threat actors gain access, move laterally, privilege escalate, set persistence, and evade defenses to achieve objectives
• Ability to critically examine an organization’s systems through the perspective of a threat actor and articulate risk in a clear and precise manner
• Be able to communicate, both verbally and in written form, technical and risk based information to individuals with a variety of both technical and non-technical backgrounds
• Must be able to both work independently as well as effectively in teams with individuals with a variety of skills and backgrounds
• Ability to see the larger picture when dealing with competing requirements and needs from across the organization in order to build consensus and drive results
• Ability to navigate and work effectively across a complex, geographically dispersed organization
• Demonstrated ability to self-direct, with minimal supervision needed to achieve goals

Desired Skills:

• Background in executing red team or penetration testing engagements
• Hands on experience with offensive security tools such as Metasploit, Burp, Cobalt Strike, Covenant, Sliver, etc
• An interest and willingness to deep drive into the security function around various critical banking systems and technologies such as ATMs
• Experience with large scale data analysis
• Working knowledge of MITRE ATT&CK framework
• Certifications in relevant areas you are passionate about

1st shift (United States of America)