Senior Cloud Detection Engineer

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
 

Job Description:

Bank of America is looking for an experienced Cloud Detection Engineer to join our Cyber Security Operations team. The ideal candidate will use their deep knowledge of security controls, tools, features, and operations for AWS to implement and enhance detective capabilities for a fully managed AWS environment. The candidate should be intellectually curious about technology and the evolving threat landscape and willing to actively engage and triage.

This role exists at the intersection of detection engineering and operations and will focus primarily on developing and tuning AWS detections while maintaining close operational alignment with the SOC by providing complex escalation support to ensure detections are effective and actionable. This will include building a detection engineering lifecycle and culture for a SIEM platform covering on-prem and multi-cloud environments while serving as a technical subject matter expert for the AWS environment.  The ideal candidate will partner with teams across Global Information Security to design, develop, tune, and maintain detection content to protect the Bank and support the Bank’s information security policies and/or procedures. 

Responsibilities

• Design, build, and tune AWS security detections using Splunk
• Reduce false positives and improve alert fidelity
• Partner with cloud and security teams to increase detection coverage
• Translate threat scenarios into actionable detections
• Act as L2 escalation support for complex AWS-related alerts
• Validate and investigate high-risk findings
• Provide feedback and guidance to L1 analysts
• Use real investigations to continuously improve detection logic

Skills and Experience

• Minimum of eight (8) or more years relevant Cyber Security experience with at least five (5) years in Cloud SOC and/or Purple Team roles.
• Highly organized and motivated self-starter who can deliver results with minimal direction.
• Experience writing and tuning detections.
• Experience with SIEM tools including Splunk.
• Experience designing and implementing technical solutions to enhance visibility, alerting capabilities, and reduce risk within AWS.
• Experience reviewing applications, infrastructure, and architectural designs to identify threats and vulnerabilities.
• Experience with a range of AWS native services and tools (i.e. Guard Duty, CloudTrail, Security Hub)
• Understanding of threat frameworks, such as MITRE ATT&CK for Cloud and D3FEND.
• Understanding of Risk Management principles.
• Experience in building, configuring, operating and/or securing cloud infrastructure and applications in AWS with either native cloud service provider capabilities or 3rd party vendor tools.
• Ability to independently assess risks and identify vulnerabilities in infrastructure with an eagerness to suggest new processes, policies, and overall improvements to internal security controls.
• Experience partnering with incident response teams, threat intelligence researchers, Red/Purple teams, and/or HUNT researchers.
• Familiarity with common Information Security and data protection frameworks and standards (i.e. CIS, NIST, HIPAA, GDPR, PCI DSSS, ISO 270001).
• Ability to navigate and collaborate effectively within a geographically complex and dispersed global corporation.
• Excellent verbal and written communication skills with ability to distill key data points and effectively present information.

Preferable Certifications/Degrees

• CCSP / CCSK
• CISSP / CISM / Security +
• Bachelor’s or Master’s Degree in Computer Science, Information Systems, Cyber Security, or related field.

Skills:

• Influence
• Result Orientation
• Solution Design
• Stakeholder Management
• Technical Strategy Development
• Cyber Security
• Information Systems Management
• Risk Management
• Solution Delivery Process
• Collaboration
• Critical Thinking
• DevOps Practices
• Test Engineering

Shift:

Hours Per Week: