Principal, Information Security

BNY Mellon Pittsburgh, PA

Company

BNY Mellon

Location

Pittsburgh, PA

Type

Full Time

Job Description

Who We Are:

The Threat Detection Team at BNY Mellon develops and maintains the signals, tools, and infrastructure required to perform deep analysis of threats to our corporate environment. This role will be responsible for identifying and constantly evolving techniques to detect sophisticated attacks. As part of this team, you will be building advanced and novel detection mechanisms for attacker techniques, tactics, and procedures, developing systems to automate remediation, conducting threat hunting, and performing network and systems forensics, as well as malware and indicator analysis.

The successful candidate will be part of a high-performance Cyber Security Analytics team within the Information Security Division of BNY Mellon. The Cyber Security Analytics team is responsible for providing threat detection, analytics, and visualization to the Information Security and other functional groups within BNY Mellon, with the goal of detecting and preventing adversarial attacks.

What you will be doing:

We are seeking an experienced Senior Specialist Info Security Analyst - Controls Testing for Cyber Security Threat Detection and Analytics professional to join our Continuous Control Monitoring and Testing (CCMT) program. The CCMT team works to continuously strengthen the bank's cyber security posture through research, threat simulations, and continuous testing of controls. This team works with partners throughout the bank to both test and improve mitigations against threats to help secure our critical infrastructure. Successful members draw from hands-on experience in both offensive and defensive security roles to help uplift cyber security initiatives throughout the bank. As part of the Threat Detection Team, you will also be helping build and test advanced and novel detection mechanisms for attacker techniques, tactics, and procedures.
  • Oversee the building of tooling to automate the execution of Tactics, Techniques, and Procedures, and other offensive security work to assess and harden protections.
  • Strive to continuously ensure that all system-level security controls (technical, operational, and management controls) are implemented correctly, operate as intended, and provide the desired protection.
  • Collaborate with security operations teams such as Security Operations Center, Incident Response, Adversary Hunt, and Penetration Testing to prioritize content development and controls. Purple Team.
  • Keep up to date with current trends, tactics, and vulnerabilities in the security space.
  • Continually work to identify and assess existing security controls and the assets (applications and infrastructure), as well as the processes used to fulfill those controls.
  • Proactively engage with projects to help security teams have a high degree of confidence that the controls they devise and implement remain effective in providing the necessary protection against identified business and technology risk long after their initial implementation.
  • Compare actual control adoption with attested control adoption to identify shortcomings, and work with teams to track and resolve any findings.
  • Incorporate Threat Intelligence research to track APT trends and help our partners test their environments against new and emerging threats.
  • Working knowledge of the MITRE ATT&CK or similar threat frameworks and how to implement and test corresponding controls.
  • Functional understanding of how threat actors gain access, move laterally, escalate privileges, set persistence, and evade defences to achieve their objectives.
  • Familiarity with attack simulation or penetration testing tools and associated methodologies - Red/Purple Teaming, Cyber Threat Hunting.
  • In depth understanding of various network, desktop, server, and cloud security technologies and controls.
  • Experience with SIEM technologies, log management tools, security analytics platforms, and forensic offerings.
  • Intermediate to Expert level proficiency in programming/scripting.
  • Experience in working with cross-functional teams to collaborate and socialize threat detection techniques and results.
  • Comfortable working with a geographically dispersed team.
  • Ability to problem solve and performance tune in a high-paced development environment.

Qualifications:
  • Bachelor's or master's degree in computer science or a related discipline, or equivalent work experience required.
  • 5 years of experience in information security, security operations or related technology experience required; experience in the securities or financial services industry is a plus. Equivalent military/other experience considered.
  • Certifications such as CISSP, GREM, GIAC, SANS, CEH are a plus.

Date Posted

10/19/2022
