Attack Surface Visibility and Analysis - Info Security Exposure Mgmt Sr Specialist

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Position Summary

The Attack Surface Visibility and Analysis team is responsible for data mining efforts to identify and understand the firm’s Attack Surface. You will leverage tools like Hue (Hive and Impala), Power BI, SQL Server, Cloudera, .NET and Python to design, create and prepare queries and visualizations for other Global Information Security groups, under the supervision of the Attack Surface Visibility and Analysis Manager. Work as part of a team developing methods to quickly reference systems of record (SOR’s), systems of origin (SOO’s) and other available data stores for a comprehensive reliable and timely view of the Bank’s attack surface and vulnerability exploitability potential, with the goal of enabling answers to the following three questions as quickly as possible.

• Do we have it?
• Are we vulnerable?
• Is it exploitable?

The position will also focus on

• Automation of research activities and improved integration into vulnerability management processes
• Collaboration with stakeholders to create repeatable and defensible processes to identify asset-specific risks and mitigating factors within the environment.
• Drive thought leadership on how existing vulnerability management activities can adapt to effectively meet operational demands or dependencies and improved risk analysis and stratification
• Development of feedback loops to accountable teams when research uncover areas of concern, including data quality issues.
• Proactive identification of improvement opportunities based on past experience and future expectations, leading to enhanced tools & processes
• Leverage expertise in data and asset analysis to develop proactive vs. reactive pathways for escalation of hidden gaps in controls or processes.
• Develop proof of concept or tactical reporting and, upon successful testing, work to transition to enterprise level tooling teams.
• Ability to communicate clearly and effectively with both technology/development and business partners.

A successful candidate will be team oriented, collaborative, persistent, analytical, and detail oriented such that development efforts and deliverables meet deadlines, accuracy, and specified purpose.

Qualifications:

• 10 years of IT experience with a minimum of 5 years of those focused on IT system development work with large data stores. Candidate must also be able to perform analysis against result sets to identify gaps, trends, or actionable information.
• Hands-on experience with large datasets and tools including data ingestion (batch & real time), transformation and delivery
• Exceptional executive presentation and communication skills
• Excellent influencing and problem resolution skills
• SQL development
• MS-Reporting Services (SSRS) 
• MS-Integration Services (SSIS)
• Hue (Hive and Impala)
• Strong analytical skills/problem solving/conceptual thinking.
• Ability to perform analysis against result sets to identify gaps, trends, or actionable information. 

Desired:

• Degree in Computer Science, Information Technology or equivalent experience

Skills:

• Critical Thinking
• Customer and Client Focus
• Information Systems Management
• Problem Solving
• Threat Analysis
• Cyber Security
• Policies, Procedures, and Guidelines Management
• Quality Assurance
• Risk Analytics
• Technology System Assessment
• Business Acumen
• Business Intelligence
• Data Privacy and Protection
• Data and Trend Analysis
• Stakeholder Management

Enterprise Role Overview:

This job is responsible for assessing the bank's technologies, applications, and overall security controls to identify potential risks and vulnerabilities that may impact Bank of America's information security. Key responsibilities include understanding and complying of the Bank’s Global Information Security policy and relevant cyber security threats to complete security assessments. Job expectations include providing expert technical guidance to support partners and adapting testing methods to emerging cyber security regulations and evolving threats, while developing others on the team.

Shift:

Hours Per Week: