Description

　　Cyber Security Engineer with a focus on Penetration Testing, ThreatHunting, Red/Blue Team, and Threat Intelligence, you will play acrucial role in ensuring the security of the Bank's systems, networks,and infrastructure from potential cyber threats. Your primary responsibilitywill be to identify vulnerabilities, simulate real-world attacks,proactively and iteratively hunt for threats, and provide actionableintelligence to enhance the organization's security posture. You willcollaborate with cross-functional teams to assess and mitigate risks,respond to security incidents, and develop strategies to defend againstemerginRESPONSIBILITIESConduct offensive security assessments including penetration tests onsystems, applications, and network infrastructure to identifyvulnerabilities and potential attack vectors.Defensive Analysis: Utilize both automated and manual techniques to simulatereal-world attacks and test defensive measures, security controls andmonitoring capabilities.Document and present detailed reports on findings, including recommendedremediation strategies and security best practices.Proactively search for signs of advanced persistent threats (APTs) andperform active reconnaissance to identify potential risks and vulnerabilities.Simulate real-world attacks to test the effectiveness of the bank's securitycontrols, incident response capabilities, and overall resilience.Identify and track threat actor Tactics, Techniques, and Procedures (TTPs).Use a variety of tools, techniques, and threat intelligence sources toanalyze logs, network traffic, and system behavior to identify potentialindicators of compromise (IOCs).Collaborate with the incident response team to investigate and respond toidentified threats, minimizing the impact and preventing further attacks.Collaborate with the Cyber Operations team to identify and close securitygaps, improve incident response processes, and enhance overall defensivecapabilities.Assist in the development and execution of tabletop exercises and simulationsto test the organization's incident response readiness and identify areasfor improvement.Monitor and analyze threat intelligence sources to identify emergingthreats, attack trends, and indicators of compromise relevant to thebanking industry.Stay updated with the latest security threats, attack techniques andvulnerabilities, and use this knowledge to enhance purple team operation anddefense strategies.Collaborate with external threat intelligence providers and participate inthreat-sharing communities.Collaborate with the incident response team to provide technical expertiseduring security incidents and assist in containment, eradication, andrecovery efforts.Develop incident response playbooks and procedures specific to penetrationtesting, red teaming, and threat hunting scenarios.Conduct Digital Forensics investigations and Malware Analysis to identifymalicious activity and derive Indicators of Compromise (IOCs)Serve as an Incident Responder on the cybersecurity incident response teamwith a periodic on-call requirement.Contribute to security awareness and training programs to educate bank staffon emerging threats, phishing, and social engineering techniques.Conduct technical training sessions for IT teams to enhance theirunderstanding of penetration testing, threat hunting, and red teamingmethodologies.Coach and mentor junior team members to enhance and mature capabilities andteam processes.Contribute to reporting on the team's operational metrics and KPIs.QUALIFICATIONSMinimum 5 years of recent experience working as a cybersecurity professional.In-depth knowledge of common vulnerabilities, attack vectors, andpenetration testing methodologies.Subject matter expertise in at least one of the following areas: CyberThreat Hunting, Malware Analysis & Reverse Engineering, Cyber ThreatIntelligence, D gital Forensics, Incident Response, Penetration Testing.Experience with using a scripting language such as Python or PowerShell fortask automation or tool creation is desirable.Familiarity with threat intelligence platforms, SIEM solutions, andsecurity analytics tools.Proficient in using various penetration testing tools and frameworks(e.g., Kali Linux, Metasploit, Burp Suite).Strong understanding of network protocols, web application security, andsecure coding practices.Relevant certifications such as OSCP, OSCE, CISSP, or GCIH, GREM,GCFA, GCTI, CREST certifications are preferred.A reasonable, good faith estimate of the minimum and maximum base salary orpay for this position is $40.90/hr to $67.48/hr. Actual compensationwill vary based on various factors including but not limited to location,experience, and performance. A discretionary bonus and/or business lineincentive may be provided, in addition to a medical and other benefits,dependent on the position. For more information regarding our benefits,please#LI-Onsite#LI-FG1

　　The contractor will not discharge or in any other manner discriminate againstemployees or applicants because they have inquired about, discussed, ordisclosed their own pay or the pay of another employee or applicant.However, employees who have access to the compensation information of otheremployees or applicants as a part of their essential job functions cannotdisclose the pay of other employees or applicants to individuals who do nototherwise have access to compensation information, unless the disclosure is(a) in response to a formal complaint or charge, (b) in furtheranceof an investigation, proceeding, hearing, or action, including aninvestigation conducted by the employer, or (c) consistent with thecontractor's legal duty to furnish information. 41 CFR 60-1.35(c)