POSITION PURPOSE

We are looking for someone who is passionate about information security and finding solutions for our information security needs. The Sr. Information Security Solutions Analyst will be a member of the Architecture team and will assist with the design and assessments of information security initiatives and operations for the Bank. The role offers a high degree of freedom to investigate novel and complex threats, then develop knowledge, playbooks, and automation. 

The analyst will work to ensure the security and compliance of bank systems and processes are in-line with federal and state banking regulations, and other cybersecurity best practices. The goal for the position is to assist in building a robust application security and offensive security program and automate processes where possible.

ESSENTIAL DUTIES AND FUNCTIONS 

• Manage existing external penetration testing program, while developing a new hybrid program model that leverages internal resources for testing.
• Assist with the development of Red Team/Blue Team strategy.
• Perform application risk assessments and threat modeling of internal and third-party applications. This includes deliverables to management using a standardized risk management process and devising mitigations to lower risk levels as part of the analysis. 
• Ability to create reports and distill data down to meaningful metrics for relevant stakeholders.
• Ability to manage multiple projects/programs and provide updates on timeline to completion. 
• Experience in Python, PowerShell, or Microsoft's Power Platform tools such as Power Automate, Power Apps, or Power BI is highly desired to automate manual processes.
• Knowledge of information security concepts of both in-house and cloud systems.
• Ability to troubleshoot problems, be proactive, and an open mind toward unconventional solutions.
• Provide reviews, updates, and feedback on security policies and processes.
• Stay current with new technologies and best practices relative to security/privacy discipline as well as applicable federal, state, industry, and regulatory compliance. Stay involved in various external professional organizations as appropriate.
• Participate in reviews of Bank systems against compliance regulations and frameworks including the Federal Deposit Insurance Corporation (FDIC)/ Federal Financial Institutions Examination Council (FFIEC) Safeguards Rule, the National Institutes of Standards and Technology (NIST) Cybersecurity Framework (and by extension NIST Special Publications 800-53), Payment Card Industry - Data Security Standard (PCI-DSS), and the Center for Internet Security (CIS) controls. 

PREFERRED QUALIFICATIONS

• Bachelor’s degree in cyber security, computer science or relevant work experience. 
• 3 Year experience real world experience in penetration testing and familiarity with security tools such as vulnerability scanners, firewalls, intrusion detection/prevention (IDP/IPS), and security information and event management (SIEM) applications.
• Experience in developing Red Team/Blue Team program.
• Current and Extensive knowledge of Microsoft Technologies and cloud strategies.

• Solid understanding of security protocols, cryptography, authentication, authorization, and security
• Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate.
• Strong analytical skills.

• Strong background in reporting and data modelling.
• Strong understanding of risk and security threat management methodologies and regulatory requirements pertaining to information security, privacy and/or data security (DREAD, STRIDE, MITRE, NIST RMF).
• Knowledge of Windows and Unix/Linux system administration and architecture.
• Strong understanding of penetration testing tools such as Metasploit, Nessus, Burp Suite.
• Understanding of TCP/IP networking including knowledge of protocols and services
• Security Certifications (i.e., CEH, CPT, OSCP, CISSP, Azure Certifications, etc.)
• Banking or Financial services industry highly preferred.