[Close] 

Risk Cybersecurity Vulnerability Analyst

Thank you for your interest in a career at Regions. At Regions, we believe associates deserve more than just a job. We believe in offering performance-driven individuals a place where they can build a career --- a place to expect more opportunities. If you are focused on results, dedicated to quality, strength and integrity, and possess the drive to succeed, then we are your employer of choice.
Regions is dedicated to taking appropriate steps to safeguard and protect private and personally identifiable information you submit. The information that you submit will be collected and reviewed by associates, consultants, and vendors of Regions in order to evaluate your qualifications and experience for job opportunities and will not be used for marketing purposes, sold, or shared outside of Regions unless required by law. Such information will be stored for a set period of time. You may review, modify, or update your information by visiting and logging into the careers section of the system.
Job Description:
At Regions, the Risk Cybersecurity Vulnerability Analyst is part of the second line of defense within risk management and is responsible for planning, coordinating, and performing penetration testing, purple/red teaming engagements, and vulnerability assessments within a team environment. This position bridges the gap between vulnerability discovery, testing, and blue team defensive efforts. This position conducts formal tests on web-based and traditional applications, networks and infrastructure, mobile, and other information systems throughout the enterprise. This position will interface with business units to assess technology initiatives, identify potential risks, and recommend improvements.
Primary Responsibilities
Conducts initial penetration test scoping with business unit stakeholders
Leads and coordinates penetration testing and external red teaming of networks, systems, and applications within agreed scope and rules of engagement
Leads regular meetings with business unit stakeholders to assess remediation efforts
Leads security reviews of application designs, source code, and deployments
Delivers technical reports to bank leaders and executives
Maintains knowledge with current and emerging technologies and advancements that enhance cyber security capabilities
Coordinates closely with 1st line teams to enhance risk identification, assessment, and monitoring to ensure they are within specified risk appetites
Develops and delivers cyber security and digital risk presentations and education sessions (brown bags, formal) to various Risk Management groups and teams and other stakeholders around relevant and timely information security and digital risk topics of interest
This position is exempt from timekeeping requirements under the Fair Labor Standards act and is not eligible for overtime pay.
Requirements
Bachelor's degree in technical discipline
Five (5) years of experience in penetration testing and vulnerability analysis
One or more of the following certifications (or the ability to acquire within 12 months of hire):
OSCP
GPEN/GXPN
GWAPT
Skills and Competencies
Strong technical ability in current application and infrastructure testing methodologies
Strong technical ability in both manual and automated approaches to penetration testing
Knowledge of threat modeling methodologies
Experience with assessment tools, such as scanners, administrative utilities, local proxies, debuggers, fuzzers, etc.
Strong understanding of security concepts for both Windows and Unix related operating systems
Ability to work independently without daily direction
Comfortable with frequent interactions with bank executives and critical 1st and 3rd line stakeholders
Preferences
Solid understanding of OWASP and other software security best practices
Experience with source code review or development experience in Python, Ruby, C++, C#, Java, Javascript, or x86/x64/arm assembly languages
Knowledge of application reverse engineering techniques and procedures
Demonstrable experience with finding vulnerabilities and exploiting them within a realistic application environment
Strong technical ability in security related architecture design and assessment
Location:Hoover, Alabama
EEO/AA/Minorities/Females/Disabled/Veterans



Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.

More Jobs

Risk Cybersecurity Vulnerability Analyst
Birmingham, AL Regions Bank
Cybersecurity Engineer/Analyst
Huntsville, AL Sentar Inc
Risk Information Technology Analyst
Harvest, AL Regions Financial Corporation
Cybersecurity Threat Analyst
Montgomery, AL Booz Allen Hamilton Inc.
Risk Information Technology Analyst
Birmingham, AL Regions Bank