Cyber Security Research & Analyst Global Information Security Role Overview
The Cyber Security Assurance, Attack Surface Research (ASR) role maintains and performs queries across a wide array of asset enumeration and research toolsets, spanning on-premises and cloud platforms, to effectively map, measure, and report on the topography of the Bank's network endpoints and other assets for vulnerability risk. In addition to core investigative matters, the role is responsible for ensuring the stability and enhancement of the backend infrastructure used to create high quality queries, datasets, and visualizations from various enterprise platforms and security data sources. Individuals in the role will routinely ad‐hoc investigate infrastructure and vulnerability asset data in support of partner Information Security teams, to help correctly ascertain and communicate vulnerability risk to both technical and non‐technical stakeholders. The role requires a highly collaborative, analytical and detail oriented mindset, with a focus on ensuring conclusions and/or insights reflect innovative thinking as well as accurate information gathering under time pressure to fully answer three core questions as quickly as possible: Do we have it? Are we vulnerable? Is it exploitable? Persons in this role operate as part of a team developing methods to quickly reference systems of record (SORs), systems of origin (SOOs) and other available data stores to provide a comprehensive, reliable, and timely view of the Bank's Attack Surface, both as it relates to vulnerability exploitation risk as well as other concerns.
Key Responsibilities
* Create SQL and Python scripts within Qualys, Tanium and BladeLogic to query datasets, to support Attack Surface Review.
* Perform hands‐on analysis of large‐scale datasets to correlate map, measure, and report on the overall vulnerability attack surface of the Bank.
* Leverage Python, SQL, and other languages/platforms to automate data ingestion, transformation, enrichment, and quality validation (ETL).
* Develop and maintain visualizations and reports in Power BI or MS‐Reporting Services (SSRS) MS‐Integration Services (MSIS) that support operational teams, cyber leadership, and stakeholders across Information Security and broader risk teams.
* Possesses network architecture experience sufficient to reasonably speak to the Bank's data network and architecture in a timely manner to major inquiries as both an individual and as part of projects by the larger team.
* Clearly communicate findings through written analysis and live discussions, including executive‐level summaries.
Required Qualifications
* Strong analytical, problem‐solving, and conceptual thinking skills.
* Self‐motivated, detail‐oriented, and able to manage work independently.
* Strong verbal and written communication skills, with the ability to clearly explain technical findings in meetings and documentation.
* Amongst others, SQL-backend and Python development experience used for automation, data processing, and integration (as opposed to statistical or ML modeling).
* Strong experience with SQL Server development, including: Indexes, constraints, table switching, transaction management, error handling, and activity logging.
* Experience with SQL Server Integration Services (SSIS), including: DevOps integration, scripting tasks, packaging, deployment, and conditional workflows.
* Hands‐on experience with data ingestion and ETL pipelines (batch and near‐real‐time).
* Python development experience used for automation, data processing, and integration.
* Experience with SSRS, including subscriptions, report management, Tablix, matrix, and cascading parameters.
* Intermediate to advanced understanding of network infrastructure, including: Servers, switches, load balancers, and related components; basic network segmentation and exposure concepts.
* Excellent research skills with the ability to identify relevant and/or unconventional data sources for enumeration of enterprise technologies, to understand how various assets operate and/or are used across the Bank, as well as persistently investigate and be able to effectively validate findings.
#J-18808-Ljbffr