Information Security Engineer Iii
Current• Develop and implement bank wide security awareness program centered around phishing in order to train employees on how to detect and report suspicious emails. Measure success by reducing click rate and increasing suspicious report rate utilizing suite of Cofense tools.• Implement and maintain email DMARC policy and process in order to protect the bank brand and customers• Develop detection strategies and threat analysis derived from phishing to mitigate risk• Provide subject matter expertise on phishing and email-based threats as well as reviewing future toolsets that will enhance detection and prevention capabilities with the goal of further mitigating risk• Lead junior analysts in the investigation, detection and remediation of email-based threats• Mitigate and remediate email-based threats bank wide• Lead Proofpoint email secure gateway and malware analysis refresh project• Develop and implement certificate transparency program• Establish DNS Governance Committee to oversee and secure DNS environment• Develop and implement external domain procurement and protection• Conduct Information Security Risk Assessments based on SANS Top 20 Security Controls for mergers andacquisitions and advise senior leadership best way to mitigate inherent risks• Gather cyber-security intelligence from a variety of internal monitors and external sources (e.g. governmentagencies, financial community, computer security community).• Proficiencies in the following security technologies/tools: McAfee Web-Proxy, Axway, Proofpoint mail gatewayand TAP, FireEye, VMRay Anti-Malware detection, PhishLabs Malicious Web Site reporting/take-down, Cofense,Demisto SOAR platform, Agari Brand Protection, Splunk ES• In-depth knowledge of systems administration and systems analysis procedures.• In-depth knowledge of risk management standards, procedures and practices.• Strong communication skills, written and oral to communicate effectively with technical and non-technical audiences.