U.S. Bank is seeking an experienced Senior Threat Management Engineer with demonstrated competence and thought leadership capability to contribute toward the success of our Information Security technology initiatives.

The duties of the Senior Threat Management Engineer include understanding the current threat landscape and managing detection and protection measures across all security controls. This position requires extensive knowledge of the security space as it relates to technology, social, and cyber threats. The candidate must be able to review and track detected incidents, identify new exploits and/or threats, develop mitigation strategies, and enforce incident reporting standards. The candidate needs to be able to identify the actions required to investigate and contain threats, and must have a proactive computer network defense mindset, which they use to develop comprehensive remediation strategies and provide technical guidance.

This is a high visibility, high stress position. The candidate will work to continuously improve our ability to detect, respond to, and recover from security events and the current threat landscape, directing the efforts of technical and business line teams and determining options and courses of action to counter potential attackers. Actions taken by this individual impact the security and functionality of enterprise IT for the entire bank.
• Must possess strong analytical & evaluative thinking
• Demonstrated excellent customer service
• Conceptual understandings of the cyber kill chain
• Awareness of the latest cyber-intelligence collection trends and developments
• Experience developing threat briefings for consumption by senior management
• Strong understanding of Windows API and internals
• Ability to complete dynamic analysis of malware
• Ability to extract host and network-based IOCs to provide requirements for detection and prevention
• Ability to work nontraditional working hours when necessary
• Understanding of network protocols and services
• Strong written and verbal skills with the ability to present complex concepts at a high level
• Programming and scripting experience
• Understanding of networking, system administration, architectures and security elements
• Experience implementing and tuning a wide range of information security tools
• Experience in Concept and TTP development for emulation of Cyber Adversaries
• Experience in Remote exploitation technical capabilities and TTP
• Experience in Close Access Team technical capabilities and TTP
• Experience in Management of hardware/software operational infrastructure associated with Red Team types of “attack platforms.”
• Experience in Operation of commercial and open source network cyber assessment tools (e.g. Core Impact and Rapid7 Metasploit).
• Experience in Computer network platforms, architecture, programming languages and/or development/testing methodology for networked systems.
• Experience in Operational Risk Management (ORM) concepts and application.
• Experience in Application of industry standards for secure software development and lifecycle management.
• Experience in Design, development, testing, modification and operational application of attack and exploitation tools (to include familiarity with industry standard software engineering concepts and languages such as C+, Python, PHP, etc.)
• Experience in Exploitation and vulnerabilities associated with most common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.).
• Experience in improvising courses of action (COAs) and capability development/modification during operations (i.e. remote access/exploitation and close access team operations) to achieve desired red teaming effects.
• Experience in Development, modification, and utilization of network enumeration engines, Open Source Research (OSR) engines, and reverse engineering exploitation frameworks.
• Experience in Development of network systems and architectures to allow Red Team operations in a non-traceable and non-attributable manner.
• Experience in Development of advanced hacking capabilities (e.g. botnet, client deception, advanced Trojans, data exfiltration, mobile device discovery and exploitation).
Other Locations: United States
1st - Daytime