Cyber Security Research & Analysis Specialist (SQL / Python required)

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Role Overview:

The Cyber Security Assurance, Attack Surface Research and Analysis team delivers hands on asset research on the Bank’s network (attack surface) to identify, measure, and interpret the Bank’s technology exposure and vulnerability exploitability. This role is responsible for high quality queries, datasets, and visualizations that leverage enterprise platforms and security data sources. The successful candidate will investigate infrastructure and vulnerability asset data to determine vulnerability risk for both technical and non‑technical audiences. The successful candidate will be highly collaborative, analytical, detail oriented, ensuring insights are accurate and delivered on time.

Work as part of a team developing methods to quickly reference systems of record (SOR’s), systems of origin (SOO’s) and other available data stores for a comprehensive reliable and timely view of the Bank’s attack surface and vulnerability exploitability potential, with the goal of enabling answers to the following three questions as quickly as possible.

• Do we have it?

• Are we vulnerable?

• Is it exploitable?

Key Responsibilities:

• Create SQL and python scripts within Qualys, Tanium and BladeLogic to query datasets, to support attack surface visibility and vulnerability analysis

• Perform hands on analysis of large scale datasets to correlate to security and vulnerabilities

• Use Python and SQL to automate data ingestion, transformation, enrichment, and quality validation (ETL)

• Develop and maintain visualizations and reports in Power BI or MS-Reporting Services (SSRS) MS-Integration Services (SSIS) that support operational teams, cyber leadership, and risk stakeholders

• Understands the Bank’s Data network and architecture to work in a team to answer: Do we have it? Are we vulnerable? Is it exploitable?

• Clearly communicate findings through written analysis and live discussions, including executive‑level summaries.

Required Qualifications

• Experience with SQL Server Integration Services (SSIS), including: DevOps integration, C# script tasks, Packaging, deployment, and conditional workflows

• Python development experience used for automation, data processing, and integration (not statistical or ML modeling)

• SQL database and Python development experience used for automation, data processing, and integration (not statistical or ML modeling): Strong experience with SQL Server development, including: Indexes, constraints, table switching, Transaction management, error handling, and activity logging

• Strong analytical, problem‑solving, and conceptual thinking skills

• Self‑motivated, detail‑oriented, and able to manage work independently

• Strong verbal and written communication skills, with the ability to clearly explain technical findings in meetings and documentation

• Hands‑on experience with data ingestion and ETL pipelines (batch and near‑real‑time)

• Experience with SSRS, including subscriptions, report management, Tablix, matrix, and cascading parameters

• Basic Understanding of networked infrastructure, including: Servers, switches, load balancers, and related components, basic network segmentation and exposure concepts

• Excellent research skills with the ability to: Identify relevant data sources related to enterprise technologies, understand how systems operate and are used across the firm, persistently investigate and validate findings

This job will be open and accepting applications for a minimum of seven days from the date it was posted

Shift:

Hours Per Week: