Skip to main content

Information Security Engineer

Denver, CO; Addison, TX; Annandale, VA; - United States

Job number: 19072707

Back to job search results

Job Description:

The Information Security Engineer is responsible for building a Cyber Crime Malware Mitigation Program.  The Cyber Crime Malware Mitigation Program Manager requires strong skills in malware research and an understanding of reverse engineering to thoroughly understand malicious code targeting our clients. The candidate will be responsible for building a program that sources malware samples targeting bank clients; static and dynamic malware analysis; sets direction for the program based on business impact and provide malware research reporting that provides recommendations to mitigate the malware through detection and prevention techniques.  The Cyber Crime Malware Mitigation Program Manager will leverage existing resources to build out the program and champion the need to acquire net new capabilities where there are gaps.  The candidate will be responsible for collaborating with other security teams and business partners to test and implement detective and preventative controls wherever possible to mitigate impact to the bank and its clients.

• Oversee malware research program that involves sourcing and prioritizing malware that poses the biggest threat to Bank of America customers and clients.
• Collaborates closely with online banking and authentication teams at Bank of America to develop and test indicators to detect compromised customers and clients.

• Builds tools to assist in analyzing and extracting configuration data from banking (or other) malware targeting Bank of America customers and clients.
• Produces concise, detailed written products highlighting key components of research and analysis.
• Engages effectively with multiple teams within the bank to achieve objectives and proactively mitigate losses from financial malware.

Job Qualifications:
• Bachelors and/or Master’s Degree in Engineering, Computers Science, or related field
• Strong direct experience of analyzing malware, must have a solid understanding of dynamic/static analysis of malware
• Background in network traffic analysis; Knowledge of networking protocols: TCP/IP, HTTP/HTTPs, FTP, IRC etc
• Experience in encryption/obfuscation and how to reverse it is desired, but not required
• GCIH, GREM, GCFA or CISSP is desired, but not required
• Able to work independently on tasks, but also work well within a team environment
• Can create innovative ways to track progression of malware families, infrastructure and campaigns conducted by espionage actors
• Excellent communication skills and able to adapt to the audience
• 7+ years overall technical experience in either reverse engineering/malware analysis, threat intelligence, incident response, security operations, or related information security field.
• 5+ years experience in application design/engineering, including but not limited to programming/scripting, Windows/Linux system administration, RDBMS/NoSQL database administration, etc.
• 2+ years experience in penetration testing or ethical hacking
• 2+ years experience with reverse engineering tools like IDA Pro, Ghidra, OllyDbg, Windbg, and Wireshark.
• 2+ years experience of Python scripting to automate analysis and reverse engineering tasks (and Bash or Powershell or PerlC/C++).
• 2+ years experience of x86, ARM, and x64 architectures.
• Ability to reverse engineer binaries of various types including: x86, x64, C, C++, and .NET.
• Strong understanding of Windows Operating System Internals, Windows APIs, and writing and analyzing DLLs.
• Recent experience developing custom software and hardware tools to assist in performing reverse engineering and vulnerability analysis.
• Strong understanding of common network and application stack protocols, including but not limited to TCP/IP, SMTP, DNS, TLS, XML, HTTP, etc.

Posting Date: 11/01/2019

Denver, CO, REPUBLIC PLAZA, 370 17TH ST,
Addison, TX, 16001 N Dallas Pkwy (TX8044),
- United States

Travel: No

Full / Part-time: Full time

Hours Per Week: 40

Shift: 1st shift

Already have a candidate profile? Log in to access and update your current profile to access and update your current profile.

Assistance for Applicants with Disabilities

Bank of America is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please visit the Applicants with Disabilities page.

Diversity & Inclusion

At Bank of America, our commitment to diversity and inclusion is helping us to create not only a great place to work, but also an environment where our employees, our customers and our communities around the world can reach their goals and connect with each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Frequently Asked Questions

Need to know how to apply online, view a list of your submitted job applications or reset your password? Visit our FAQ section for answers to these questions and more.

Bank of America Employees

Bank of America employees should access the internal jobs database.