The Bank of America Global Information Security division (GIS) is looking for positive, qualified security specialists to join the Cyber Security Operations/Defense, Monitoring and Triage team.
The M&T team directly supports the Security Operations Center/Capability (SOC) by identifying, onboarding and optimizing level one processes so that the SOC can perform initial triage for other operational teams that ultimately own a control or process.
A strong customer relationship must be forged between partner operational teams in order to support legacy processes, as well as to identify new opportunities ongoing. A customer-service and consultant mindset is important so that there is a purposeful, proactive effort to help partners/customers discover opportunities in level one processes, whether that be through transfer of new work to the SOC, or the optimization of existing work through optimization, efficiencies, and automation.
This sort of operational excellence is achieved through the proactive analysis and measurement of SOC effectiveness via metric collection and pattern identification. Our primary mission is the monitoring and timely triage of security events, mastery of the technologies and information we analyze, maintaining expert-level knowledge of detection tools and techniques, and proper escalation of incidents for immediate response, containment and recovery.
We are looking for talented, well-rounded, self-motivated professionals who have a strong passion for cyber security, are exceptional written and verbal communicators, and have a serious desire to learn.
These individuals should be interested in being challenged on a daily basis to stay one step ahead of an ever-changing landscape of threats and adversaries.
We are also looking for individuals that are interested in working both collaboratively and independently to hunt down and identify anomalous and malicious activity, wherever it may be. Whether you are a seasoned cyber security professional or new to the field, we are looking for new team members to join us in defending our company as the first line of defense.
Responsibilities will include:
• Effectively manage and lead SOC analysts
• Ensure event triage is occurring on time
• Ensure event triage is effective and accurate
• Ensure capacity measurement is occurring and is within acceptable boundaries, allowing for burst capacity
• Foster mentor relationships, based on personality and career aspirations, opportunities
• Ensure Critical Thinking is being taught and utilized by SOC analysts
• Assist SOC analysts in career development
• Define and maintain new analyst on-boarding documentation and curriculum
• Define and maintain training requirements
• Assist in identifying any new processes the SOC can onboard
• Maintain clear, consistent, accurate and dynamic documentation
• Proactive relationship building and maintaining of existing relationships
• Data pattern and trend identification via metric analysis, driving operational excellence and improvement
• Maximize resource utilization (human, tools, etc) through data analytics
• Quality Assurance, ensure tickets are triaged correctly
• Training SOC analysts on new and updates processes and tools
• Weekly On-Call rotation, escalation point for after-hour queries or assistance for SOC staff
• Detailed analysis using a variety of tools and techniques to investigate, navigate, correlate and understand cyber security incidents to the fullest extent of the data available
• Tuning of rules, filters and policies for detection-related security technologies to improve accuracy and visibility
• Data mining of log sources to uncover and investigate anomalous activity
• Maintaining documentation of playbooks and procedures
• Proper escalation and hand-off of security incidents for response, containment and recovery
• Effective communication in both written and verbal form of event findings, analysis, current state
• Excellent verbal and written communication skills
• Positive Attitude
• Flexibility, Comfortable with Change
• Fast Typing Skills
• Exceptional organizational abilities and attention to detail
• Critical Thinking, seeing beyond face-value
• The ability to think creatively to find elegant solutions to complex problems
• The ability to work both independently and collaboratively within a larger team
• A willingness to be challenged along with a strong appetite for learning
• Basic knowledge of common operating systems (Windows, Linux, etc.) and basic endpoint security principles, networking services and protocols (TCP/IP, SSH, FTP, DNS, DHCP, SMTP, SSL, etc.)
• Basic understanding of common security technologies (IDS, Firewall, SIEM, etc.)
• 3-5 years of experience in Cyber Security, Incident Response, or a related field
• Prior experience detecting and analyzing security events and/or responding to security incidents
• Demonstrated ability to analyze and correlate information from a wide variety of enterprise technologies
• Hands-on experience with common security technologies (IDS, Firewall, SIEM, etc.)
• Knowledge of common security analysis tools & techniques
• Understanding of common security threats, attack vectors, vulnerabilities and exploits
• Search query language basics (SQL, Splunk, etc)
• Programming experience (Python, Perl, etc.)
• Knowledge of regular expressions