U.S. Bank Senior Information Security Engineer in Raleigh, North Carolina
U.S. Bank is seeking a Senior Information Security Engineer to join a team of security professionals responsible for delivering Cyber Threat Intelligence (CTI) and Insider Threat Program (ITP) solutions across multiple teams within the Bank’s Cyber Defense organization.
The ideal candidate will be responsible for the delivery of advanced technical security capabilities to the Cyber Defense organization and collaborating with investigation/incident response teams, data scientists, and security analysts in addressing some of the industry’s most complex cyber security issues. Additionally, strong verbal and written communications are vital in providing recommendations and evaluations across audiences of varying technical experience and levels of decision making. This role will also lead the execution of systems engineering project requirements for the quality of deliverables that may include architecture design, system testing and integration, documentation of standards and procedures, vendor engagement and coordination, written proposals and recommendations, and attestation of implemented access or authorization controls; support operations teams for integrating technologies across multi-functional platforms in various scripting, programming, or structured language formats; evaluate resource requirements, system configuration, changes to the security posture of supported technologies, frameworks, security controls, and compliance requirements; execute service management requirements, including the planning, development, and implementation of Service Level Agreements, Key Performance Indicators, Key Risk Indicators, and other various security metrics; and implement appropriate change management procedures and Continuous Service Improvement reviews that support business objectives.
Bachelor's degree in a Computer Science, Engineering, Technical, or Mathematics program, or equivalent work experience;
Advanced knowledge in application development, computer engineering, operating systems, or infrastructure technologies;
Understanding of security frameworks and methodologies for controls, compliance, and auditing, such as NIST, ISO 27001, ISA, COBIT, ITIL, and others;
Related industry information security certifications – ISC², GIAC, EC-Council, OWASP, ISACA, Offensive Security, and others.
Adaptable to a large enterprise environment with the ability to quickly analyze and extract threat information, investigate and interrogate cross-functional security platforms, and apply complex problem-solving methods using exceptional critical analysis techniques;
Knowledge of conducting network packet and malware analysis, incident response processes, terms and nomenclature to enable automated vulnerability management, or measurement and policy compliance evaluation for security standards;
Knowledge of malicious tactics, techniques, and frameworks or models that support adversarial behavior and exploitation methods, to include persistence, privilege escalation, defense evasion, lateral movements, collection, exfiltration, reconnaissance, exploitation, and command and control;
Knowledge of intelligence processes and techniques that allow for information dissemination of tactical threat indicators and observables, resulting in actionable tasks that are timely, relevant, and accurate;
Ability to document, record, and review drawings and diagrams that depict use cases, activity diagrams, system context, data flows, architecture and infrastructure as-builts, and application or technology deployments;
Ability to meet organizational goals and customer expectations, provide an inclusive workplace that fosters the development of others, facilitate cooperation and teamwork that supports constructive resolution of conflicts, and bring about strategic change within and outside the organization.
Set Yourself Apart With
Knowledge of security controls across multiple information security policies and regulatory requirements - FFIEC, SOX, GLBA, PCI DSS, SSAE 16;
Ability to map and define service support structures for requests, events, incident, and problem management escalation processes;
Ability to identify, document, and review metrics (KPIs/KRIs/SLAs) to validate operational relevance and implications based on specific Measures of Performance (MOP), Measures of Effectiveness (MOE), and associated indicators to support end-state objectives;
Knowledge of emerging technologies in the security monitoring, event correlation and alert/detection space.
Job: Information Technology
Primary Location: United States
Shift: 1st - Daytime
Average Hours Per Week: 40
Requisition ID: 180013727
U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.
We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.