Senior Information Security Threat Management Engineer

 

At U.S. Bank, we're passionate about helping customers and the communities where we live and work. The fifth-largest bank in the United States, we’re one of the country's most respected, innovative and successful financial institutions. U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.

 

 

U.S. Bank is seeking an experienced Senior Threat Management Engineer with demonstrated competence and thought leadership capability to contribute toward the success of our Information Security technology initiatives The Duties of the Senior Threat Management Engineer include understanding the current threat landscape and managing detection and protection measures across all security controls. This position will require extensive knowledge of the security space as it relates to technology, social, and cyber threats. Proper Candidate must be able to review and track detected incidents, identify new exploits and/or threats, develop mitigation strategies, and enforce incident reporting standards. Candidate needs to be able to identify the necessary actions required to investigate and contain threats. Candidate must have a proactive computer network defense mindset which they use to develop comprehensive remediation strategies and provide technical guidance. This is a high visibility, high stress position. Candidate will work to continuously improve our ability to detect, respond, and recover from security events and current threat landscape; directing the efforts of technical and business line teams, determining options and courses of action to counter potential attackers. Actions taken by this individual impacts the security and functionality of the enterprise IT for the entire bank.

 


Responsibilities
• Supervise record maintenance for all threat management activities.
• Develop and contribute to threat management framework, requirements and strategy.
• Develop and maintain standard operating procedure (SOP) documentation.
• Analyze threats and vulnerabilities to determine their impact to US Bank's operations.
• Establish and maintain cohesive working relationships with team members, management, key strategic business partners, and vendors.
• Understand the threat actor’s Tactics, Techniques and Procedures
• Conduct Investigations and eDiscovery efforts involving court-proven forensic processes and technologies.
• Conduct post-mortem evaluations on cyber security incidents and lead table-top threat management exercises.
• Lead bank proactive response and mitigation of major security incidents including clear and concise communications to senior executives, regulators, and auditors.
• Proactively researches emerging cyber threats. Applies expert understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits
• Acquires and applies expert knowledge of the business, its products and processes
• Directs analyses and root cause identification; develops and recommends business solutions impacting the enterprise.
• Monitors efforts of less experienced peers and team members and provides input on performance appraisals. Leads and motivates cross-functional team members in strategy development and implementation of business solutions
• Candidates must be well versed in common network scanning tools that support network discovery, compliance reporting, and vulnerability assessment.
• Candidates must well versed in reviewing, analyzing, and commenting on secure network design and operational requirements (e.g. NIST SP 800-53r5, etc.).

 

Qualifications

 

Basic Qualifications

  • Bachelor's degree in Engineering or Science, or equivalent work experience
  • Eight or more year of experience in information security
  • Two or more years of experience in IT infrastructure management, application architecture, risk management, data architecture, middleware technology, and IT operations and project management

Preferred Qualifications
• Must possess strong analytical & evaluative thinking
• Demonstrated excellent customer service
• Conceptual understandings of the cyber kill chain
• Awareness of the latest cyber-intelligence collection trends and developments
• Experience developing threat briefings for consumption by senior management
• Strong understanding of Windows API and internals
• Ability to complete dynamic analysis of malware
• Ability to extract host and network-based IOCs to provide requirements for detection and prevention
• Ability to work nontraditional working hours when necessary
• Understanding of network protocols and services
• Strong written and verbal skills with the ability to present complex concepts at high level
• Programming and scripting experience
• Understanding of networking, system administration, architectures and security elements
• Experience implementing and tuning a wide range of information security tools
• Experience in Concept and TTP development for emulation of Cyber Adversaries
• Experience in Remote exploitation technical capabilities and TTP.
• Experience in Close Access Team technical capabilities and TTP.
• Experience in Management of hardware/software operational infrastructure associated with Red Team types of “attack platforms.”
• Experience in Operation of commercial and open source network cyber assessment tools (e.g. Core Impact and Rapid7 Metasploit).
• Experience in Computer network platforms, architecture, programming languages and/or development/testing methodology for networked systems.
• Experience in Operational Risk Management (ORM) concepts and application.
• Experience in Application of industry standards for secure software development and lifecycle management.
• Experience in Design, development, testing, modification and operational application of attack and exploitation tools. (to include familiarity with industry standard software engineering concepts and languages such as C+, Python, PHP, etc.).
• Experience in Exploitation and vulnerabilities associated with most common operating systems (Windows, Linux, etc.), protocols (HTTP, FTP, etc.), and network security services (PKI, HTTPS, etc.).
• Experience in improvising courses of action (COAs) and capability development/modification during operations (i.e. remote access/exploitation and close access team operations) to achieve desired red teaming effects.
• Experience in Development, modification, and utilization of network enumeration engines, Open Source Research (OSR) engines, and reverse engineering exploitation frameworks.
• Experience in Development of network systems and architectures to allow Red Team operations in a non-traceable and non-attributable manner.
• Experience in Development of advanced hacking capabilities (e.g. botnet, client deception, advanced Trojans, data exfiltration, mobile device discovery and exploitation).

 

Job

Information Technology

Primary Location

Ohio-OH-Cincinnati

Other Locations

Other Locations United States

Shift

1st - Daytime

Average Hours Per Week

40