Cyber Threat Intelligence (CTI) Rapid Team Technical Analyst

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Cyber Threat Hunt Intelligence & Defense (CTHID) works with partners, both internal and external, to reduce risk to the firm and to the financial sector at large. The Rapid team provides timely situational awareness, conducts initial triage and analysis of threats and translates indicators of threat into actionable information to reduce impact to the bank. Stakeholders include cyber-security response teams, internal lines of business, senior leadership and external organizations such as law enforcement, industry peers, key suppliers, customers and intelligence sharing partners. 

The Rapid Cyber Threat Intelligence (RCTI) Technical Analyst serves as a liaison between CTI and Cyber Security Defense (CSD), Cyber Security Assurance (CSA) and Cyber Security Technology (CST) teams, triaging cyber threat intelligence-related collections, communicating updates on breaking situations to Operations Leadership and engaging control owners. Rapid Analysts prepare intelligence updates and analysis on indicators and warnings and serve as CTHID s focal point for situational awareness within the Cyber Threat Operations Center (CTOC). Rapid CTI analysts work as part of a Follow-the-sun model to triage incoming raw and pre-filtered information, data, social media, tips and vendor alerts. Triage analysts collect, assess and prioritize threats, and then communicate assessments in a manner that accurately conveys urgency, severity, and credibility that support CSD controls and inform senior and executive leadership.

Responsibilities: 
•    Work in a tactical/technical role reviewing and cultivating intelligence sources, analyzing information, creating intelligence, and hunting for exposures or related incidents. 
•    Participate with other triage analysts in a follow-the-sun model to provide consistent support for Cyber Security Defense. 
•    Contribute to daily internal stand-up calls, contribute to intelligence briefings for staff and CSD leadership. 
•    Work within the virtual or physical CTOC communicating with internal teams and minimizing response times for critical events. 
•    Operate as part of a team of triage analysts responsible for collecting, assessing, and prioritizing threats, and then communicating that assessment in a manner that accurately conveys urgency, severity, and credibility. 
•    Identify, escalate and debate recommended actions that strengthen controls. 
•    Operate within an established Escalation Matrix to determine report priority and messaging to operations and senior executives throughout Global Information Security and the lines of business and escalate issues to control teams and management in a timely manner with appropriate information regarding risk and impact. 
•    Continually and consistently review triage processes to identify reforms that could add to increased speed, efficiency and accuracy in reporting. 
•    Ensure immediate notifications are followed by in-depth coordination and collaboration with control owners and appropriate business partners and lines of business. 
•    Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results. 
•    Participate in technical bridge lines to facilitate the identification, mitigation and containment of cyber-security incidents. 

REQUIRED SKILLS
•    Technical or information security certifications are a strong plus.
•    Familiarity with JIRA, Python, JAVA and SQL are a strong plus.
•    Minimum 2 years’ experience in information, cyber or physical security. 
•    Minimum 1 year working in a 24/5 or 24/7 operational environment. 
•    Experience with multiple social media platforms and tools to monitor those platforms. 
•    Experience working in a Security Operations, Incident Management or Fusion Center operation.
•    Experience working with vendors and intel providers to manage and enhance operations.
•    Demonstrated reading comprehension and the ability to summarize accurately.

Desired Skills
•    Demonstrable technical proficiency (Information technology, information, cyber or physical security, networking) 
•    Bachelor’s degree or higher-level education. 
•    Excellent organizational and analytical skills. 
•    Ability to communicate (verbal and written) with stakeholders in non-technical terms. 
•    Excellent written and verbal communication and demonstrated presentation skills. 
•    Ability to handle multiple work efforts in a fast-paced environment and to be able to quickly change direction as needed. 
•    Ability to prioritize conflicting tasks. 
•    Exposure to cyber threat intelligence related activities, including Open Source Intelligence and social media monitoring. 
•    Familiarity with cyber threat landscape, geopolitical issues that could have cyber impacts, security vulnerabilities, exploits, malware, digital forensics, network security vulnerabilities, exploits and attacks. 
•    Ability to work in a strong team-oriented environment with a sense of urgency and resilience while being a self-starter and able to work independently. 
•    Ability to work effectively with technical and non-technical business owners.
 

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift:

Hours Per Week: