Back to search results

Info Security Exposure Management Specialist, Purple Team

Denver, Colorado;

Job Description:

Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our team.

The Cyber Security Defense (CSD) function within Global Information Security is responsible for all aspects of threat intelligence and monitoring, application and network security, and insider threat. In addition, the CSD team drives out the enterprise-wide cyber exercise program.

As an experienced professional, provide advice to client management with regard to moderately complex security issues. Assists in the review, development, testing and implementation of security plans, products and control techniques. Coordinates the reporting data security incidents. Provides technical support to the client and management and staff in risk assessments and implementation of appropriate data security procedures and products. Monitors existing and proposed security standard setting groups. State and Federal legislation and regulations. Identifies and escalates changes that will affect information security policy, standards and procedures. Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs. Researches attempted efforts to compromise security protocols. Administers security policies to control access to systems and maintains the company firewall. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various  factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.

Required skills:


• Must have a strong Red Team Penetration Testing background
• Must have experience and be very proficient with the common tools associated with penetration testing (Metasploit, Burp Suite, Cobalt Strike, etc)
• Must have a solid understanding of voice and data networks, major operating systems, active directory, and their associated peripherals
• Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
• Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.
• Must be able to both work independently as well as effectively work in teams with individuals with a variety of skills and backgrounds
• Ability to effectively code in a scripting language (Python, Perl, etc)
• Desirable certifications:  OSCP, GPEN, OSCE
• Previous experience working in the financial industry

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Learn more about this role

Full time

JR-20025296

Manages People: No

Travel: Yes, 5% of the time

Manager:

Talent Acquisition Contact:

Referral Bonus: