Cyber Security Specialist/Information Security Officer (ISO)
- New York, NY, USA
Israel Discount Bank of New York, also known by its registered service mark, “IDB Bank”, is a full service commercial bank chartered by the State of New York and a member of the Federal Deposit Insurance Corporation (FDIC). Our liquidity and capital ratios are strong, and we are ranked by Crain’s New York Business as the 24th largest commercial bank in the New York area. The Bank provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, genetic status, citizenship status, marital status, military or veteran status, current unemployment or any other legally protected category in accordance with applicable federal, state and local law.
Information and Cyber security is a primary area of focus for IDB Bank. This position reports to the Bank’s Chief Information Security Officer (CISO) and is a key member of the CISO’s team. This position is stationed in New York City supporting the Bank’s Information and Cyber security programs serving our domestic and international locations.
The purpose of this position is to lead the various cyber security activities that enhance the overall security posture of the Bank, specifically focusing on penetration testing, the incident response plan and threat intelligence management. The candidate will maintain the highest ethical standards and adherence to established rules of engagement.
- Act as subject matter expert to define the cyber threat landscape and cyber intrusion threat vectors, identify vulnerabilities and exploitation, and suggest remediation
- Perform security penetration tests for applications and IT infrastructure: defining scope, coordinating attacks, executing tests and reporting findings, following an established methodology in accordance with defined processes.
- Develop & manage the test environment, tools, scripts & programs for automated penetration testing.
- Develop Threat Hunting function that leverages threat intelligence and Indicators of Compromise (IOCs) to detect threats, identify security gaps and improve SOC operations.
- Track metrics and trend analysis on discovered attacks, vulnerabilities, and mitigations.
- Proactively research emerging cyber threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
- Perform network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
- Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
- Lead the Incident response plan for the Bank by guiding first line of defense to perform technical analysis & forensic investigation and coordinate the plan with other business key stakeholders.
- Prepare custom dashboard, alerts, searches and log parsing in SIEM to improve visibility on security threats
- Perform day-to-day monitoring of security tools and fine-tune them as needed
- Develop and manage the threat intelligence focus area by designing push indicators, threat model frameworks (e.g. Kill Chain, MITRE ATT&CK, STRIDE, etc.), a threat intelligence platform, reporting and KRIs, etc.
- Coordinate with SOC in aligning the threat management, incident response and any cyber defense tactical and technical matters.
- Bachelor’s degree in Computer Science or related discipline or equivalent work experience
- Minimum 5 years of information and cybersecurity experience
- Security certifications required such as CEH, OSCP, GPEN, CISSP or any relevant pen testing / vulnerability management tool certification
- Highly motivated, energetic, detail-oriented with ability to multi-task effectively
- Ability to complete projects and perform daily tasks with minimal supervision
- Excellent oral, written, and presentation skills
- Ability to set and meet deadlines
- Strong interpersonal skills
- Expert in penetration testing, incident response, cyber threat intelligence and cyber security
- Solid hands-on experience with various tools, platforms & techniques for penetration testing
- Experience with Kali Linux, Metasploit, PHP, Python & PowerShell
- Experience with incident management & technical analysis
- Solid understanding of cyber security threats, defenses, motivations and techniques
- Security monitoring tools (SIEM, auditing and log collection tools, network IDS/IPS, malware detection)
- Data analysis including normalization and anomaly recognition
- Networking technologies (TCP/IP/etc.) and protocols (SSL, SSH, LDAP, SMTP, DNS, etc.)
- Unix, Linux, and Windows Operating Systems and Microsoft Active Directory
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.
All your information will be kept confidential according to EEO guidelines.