Vice President, Attack Surface Visibility and Analysis Analyst, Global Information Security, Sydney, Australia

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
 

Job Description:

Cyber Security Research & Analysts

Global Information Security 

Role Overview

The Cyber Security Assurance, Attack Surface Research (ASR) role maintains and performs queries across a wide array of asset enumeration and research toolsets, spanning on-premises and cloud platforms, to effectively map, measure, and report on the topography of the Bank’s network endpoints and other assets for vulnerability risk.

In addition to core investigative matters, the role is responsible for ensuring the stability and enhancement of the backend infrastructure used to create high quality queries, datasets, and visualizations from various enterprise platforms and security data sources. Individuals in the role will routinely ad-hoc investigate infrastructure and vulnerability asset data in support of partner Information Security teams, to help correctly ascertain and communicate vulnerability risk to both technical and non‑technical stakeholders.

The role requires a highly collaborative, analytical and detail oriented mindset, with a focus on ensuring conclusions and/or insights reflect innovative thinking as well as accurate information gathering under time pressure to fully answer three core questions as quickly as possible.

• Do we have it?
• Are we vulnerable?
• Is it exploitable?

Persons in this role operate as part of a team developing methods to quickly reference systems of record (SORs), systems of origin (SOOs) and other available data stores to provide a comprehensive, reliable, and timely view of the Bank’s Attack Surface, both as it relates to vulnerability exploitation risk as well as other concerns.

Key Responsibilities

• Create SQL and Python scripts within Qualys, Tanium and BladeLogic to query datasets, to support Attack Surface Review.
• Perform hands-on analysis of large-scale datasets to correlate map, measure, and report on the overall vulnerability attack surface of the Bank.
• Leverage Python, SQL, and other languages/platforms to automate data ingestion, transformation, enrichment, and quality validation (ETL).
• Develop and maintain visualizations and reports in Power BI or MS-Reporting Services (SSRS) MS-Integration Services (MSIS) that support operational teams, cyber leadership, and stakeholders across Information Security and broader risk teams.
• Possesses network architecture experience sufficient to reasonably speak to the Bank’s data network and architecture in a timely manner to major inquiries as both an individual and as part of projects by the larger team.
• Clearly communicate findings through written analysis and live discussions, including executive‑level summaries.

Required Qualifications

• Strong analytical, problem‑solving, and conceptual thinking skills.
• Self‑motivated, detail‑oriented, and able to manage work independently.
• Strong verbal and written communication skills, with the ability to clearly explain technical findings in meetings and documentation.
• Amongst others, SQL-backend  and Python development experience used for automation, data processing, and integration (as opposed to statistical or ML modeling).
• Strong experience with SQL Server development, including: Indexes, constraints, table switching, transaction management, error handling, and activity logging.
• Experience with SQL Server Integration Services (SSIS), including: DevOps integration, scripting tasks, packaging, deployment, and conditional workflows.
• Hands‑on experience with data ingestion and ETL pipelines (batch and near‑real‑time).
• Python development experience used for automation, data processing, and integration.
• Experience with SSRS, including subscriptions, report management, Tablix, matrix, and cascading parameters.
• Intermediate to advanced understanding of network infrastructure, including: Servers, switches, load balancers, and related components; basic network segmentation and exposure concepts.
• Excellent research skills with the ability to identify relevant and/or unconventional data sources for enumeration of enterprise technologies, to understand how various assets operate and/or are used across the Bank, as well as persistently investigate and be able to effectively validate findings.
• Strong analytical, problem‑solving, and conceptual thinking skills.
• Self‑motivated, detail‑oriented, and able to manage work independently.
• Strong verbal and written communication skills, with the ability to clearly explain and/or translate technical findings in meetings and documentation.