
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
Position Summary:
Our Cybercrime Disruption & Response team within Bank of America’s Cyber Crime Defense function works to continuously strengthen the bank’s cybercrime posture through research, use of threat intelligence, and extensive use of data analysis. This team works with partners throughout the bank to both discover threats and develop mitigations that help detect and prevent cybercrime and fraud from taking advantage of our customers or infrastructure.
The position of Cybercrime Identification Specialist is responsible for analyzing and correlating large data sets to uncover threats and attack techniques under the mentorship of more senior members of the Cybercrime Disruption & Response team. A Cybercrime Identification Specialist will be tasked with collaborating with data science, threat research, and fraud teams to identify opportunities to develop analytical methods to detect advanced threat actors who utilize emerging tactics and techniques. In support of these processes, the role will also include developing and documenting new and innovative threat detection hypotheses to increase the team’s ability to find existing threats that are otherwise going unidentified or unnoticed.
External engagement in sharing and collaborating with other members of critical infrastructure will be key in helping fight cybercrime as a whole across the industry. The role will work with all Cybercrime Defense and line of business fraud teams to gain insight into critical security controls and architectural specifics to develop valuable identification strategies and analytics that identify malicious behavior accurately while maintaining a low false positive rate. This role advises on new fraud strategies and controls that may enhance detection or prevent cybercrime that attempts to take advantage of our customers or infrastructure. This role will be a thought leader in the design of cutting-edge detective, preventative, and proactive controls.
Enterprise Role Overview:
Assists with analysis to help advise the enhancement of fraud controls and improvement of proactive security controls to prevent external threat actors from compromising customer information, company information or systems. Conducts research and provides leadership updates regarding advanced attempts/efforts to compromise customers or clients. Provides status updates and recommendations to the leadership team regarding new attack trends, impact of fraud or money laundering. Follows standard practices and procedures in analyzing situations or data. Typically has 1-3 years of relevant experience and will act as an individual contributor.
Maintain an operational understanding of social engineering techniques and tradecraft, including familiarity with latest attack trends
Manage operational risks related to ongoing social engineering disruption and response actions and implement mitigation steps
Review collected technical data to identify potential indicators of threat activity, and evaluate threats for response options
Assess third party communications and motivations, identify social engineering tradecraft and guide response activities
Prepare in-depth threat activity reports detailing social engineering activities, identified indicators, victim identification, and other relevant essential elements of information (EEIs)
Apply active defense models to Deny, Degrade, Disrupt, and Deter (4D) threat actors’ efforts
Ensure latest approved social engineering tradecraft is being employed correctly and legally
Identify novel social engineering tradecraft for inclusion in GIS threat reporting
Coordinate cyber-crime disruption efforts, integrating global teams and operations groups managing complex problem sets
Enable cross-functional stakeholders to identify gaps, develop solutions, and facilitate implementation
Establish trusted relationships with key cross-functional business partners including multiple product teams, regional offices, and support functions
Leverage knowledge of information security principles to mitigate financial crime and cyber-crime related activities
Lead collaboration with peers, industry associations, law enforcement, and other trusted groups
Build strategic partnerships across the company to reduce operational exposure to cyber-crime
Must be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding
Prepare and present on social engineering threat activities relative to company customers and clients
Required Qualifications:
Experience with transactional data and data analytics.
3+ years of experience in a technical role in the areas of Fraud Detection, Threat Hunting, Security Operations, Incident Response, Detection Engineering, DevSecOps, Security Engineering, and/or Cyber Threat Intelligence.
Direct experience working with various data management systems that include but are not limited to: IBM DB2, SQL Server, Python, Azure Cosmos DB, Hadoop, Teradata, Oracle, MySQL (MariaDB), and MongoDB.
Proficiency in the Python programming language including a solid understanding of object-oriented programming, data classes, test-driven development, performance testing, and continuous integration/development.
Proficiency with various Python data analytics and visualization libraries, frameworks, and tools that include but are not limited to: Pandas, NumPy, scikit-learn, matplotlib, seaborn, d3, and JupyterHub.
Experience explaining complex ideas, methods, processes, and workflows to peers and management.
Ability to drive large projects while dealing with competing requirements, priorities, and needs from across the organization in order to drive results.
Ability to navigate and work effectively across a complex, geographically dispersed organization.
Basic statistical knowledge and reasoning
Experience with OSINT, killchains, social engineering and general methods.
This job will be open and accepting applications for a minimum of seven days from the date it was posted.
Shift:
1st shift (United States of America)
Hours Per Week:
40