VP - Cyber Security
New York, NY
The purpose of this position is to lead cyber security activities that enhance the bank's overall security posture, focusing specifically on penetration testing, the incident response plan, and threat intelligence management. The candidate will maintain the highest ethical standards and adhere to established rules of engagement.
• Act as subject matter expert to define the cyber threat landscape and cyber intrusion threat vectors, identify vulnerabilities and exploitation, and suggest remediation.
• Perform security penetration tests for applications and IT infrastructure: defining scope, coordinating attacks, executing tests and reporting findings, following an established methodology in accordance with defined processes.
• Develop & manage the test environment, tools, scripts & programs for automated penetration testing.
• Develop a threat hunting function that leverages threat intelligence and Indicators of Compromise (IOCs) to detect threats, identify security gaps and improve SOC operations.
• Track metrics and trend analysis on discovered attacks, vulnerabilities, and mitigations.
• Proactively research emerging cyber threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
• Perform network traffic analysis utilizing raw packet data, NetFlow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
• Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
• Lead the incident response plan for the bank by guiding the first line of defense in performing technical analysis and forensic investigation, and coordinate the plan with other key business stakeholders.
• Prepare custom dashboards, alerts, searches and log parsing in the SIEM to improve visibility of security threats.
• Perform day-to-day monitoring of security tools and fine-tune them as needed.
• Develop and manage the threat intelligence focus area by designing push indicators, threat model frameworks (e.g. Kill Chain, MITRE ATT&CK, STRIDE, etc.), a threat intelligence platform, reporting and KRIs, etc.
• Coordinate with the SOC to align threat management, incident response and any tactical and technical cyber defense matters.