Risk Cybersecurity Vulnerability Analyst

Thank you for your interest in a career at Regions. At Regions, we believe associates deserve more than just a job. We believe in offering performance-driven individuals a place where they can build a career --- a place to expect more opportunities. If you are focused on results, dedicated to quality, strength and integrity, and possess the drive to succeed, then we are your employer of choice.

Regions is dedicated to taking appropriate steps to safeguard and protect private and personally identifiable information you submit. The information that you submit will be collected and reviewed by associates, consultants, and vendors of Regions in order to evaluate your qualifications and experience for job opportunities and will not be used for marketing purposes, sold, or shared outside of Regions unless required by law. Such information will be stored for a set period of time. You may review, modify, or update your information by visiting and logging into the careers section of the system.

Job Description:

At Regions, the Risk Cybersecurity Vulnerability Analyst is part of the second line of defense within risk management and is responsible for planning, coordinating, and performing penetration testing, purple/red teaming engagements, and vulnerability assessments within a team environment. This position bridges the gap between vulnerability discovery, testing, and blue team defensive efforts. This position conducts formal tests on web-based and traditional applications, networks and infrastructure, mobile, and other information systems throughout the enterprise. This position will interface with business units to assess technology initiatives, identify potential risks, and recommend improvements.

Primary Responsibilities

  • Conducts initial penetration test scoping with business unit stakeholders
  • Leads and coordinates penetration testing and external red teaming of networks, systems, and applications within agreed scope and rules of engagement
  • Leads regular meetings with business unit stakeholders to assess remediation efforts
  • Leads security reviews of application designs, source code, and deployments
  • Delivers technical reports to bank leaders and executives
  • Maintains knowledge of current and emerging technologies and advancements that enhance cyber security capabilities
  • Coordinates closely with 1st line teams to enhance risk identification, assessment, and monitoring to ensure they are within specified risk appetites
  • Develops and delivers cyber security and digital risk presentations and education sessions (brown bags, formal) to various Risk Management groups and teams and other stakeholders around relevant and timely information security and digital risk topics of interest

*This position is exempt from timekeeping requirements under the Fair Labor Standards Act and is not eligible for overtime pay.

Requirements

  • Bachelor’s degree in a technical discipline
  • Five (5) years of experience in penetration testing and vulnerability analysis, or related cybersecurity practices/methodologies.
  • One or more of the following certifications (or the ability to acquire within 12 months of hire):
      • OSCP
      • GPEN/GXPN
      • GWAPT

Skills and Competencies

  • Strong technical ability in current application and infrastructure testing methodologies
  • Strong technical ability in both manual and automated approaches to penetration testing
  • Knowledge of threat modeling methodologies
  • Experience with assessment tools, such as scanners, administrative utilities, local proxies, debuggers, fuzzers, etc.
  • Strong understanding of security concepts for both Windows and Unix-related operating systems
  • Ability to work independently without daily direction
  • Comfortable with frequent interactions with bank executives and critical 1st and 3rd line stakeholders

Preferences

  • Solid understanding of OWASP and other software security best practices
  • Experience with source code review or development experience in Python, Ruby, C++, C#, Java, JavaScript, or x86/x64/ARM assembly languages
  • Knowledge of application reverse engineering techniques and procedures
  • Demonstrable experience with finding vulnerabilities and exploiting them within a realistic application environment
  • Strong technical ability in security-related architecture design and assessment