Breach and Attack Simulation Engineer

at  US Bank National Association

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

JOB DESCRIPTION

U.S. Bank is seeking a Cyber Security professional who will do the following: Implements and supports security solutions and technologies to protect data/assets from unauthorized access, use, disclosure, destruction, modification, or disruption. Provides project leadership, security oversight, and risk management on security projects. Sets security design guidelines, frameworks, and models. Works to identify new security issues and risks and is involved in developing mitigation plans. Helps identify and document security objectives. Participates in projects that develop new intellectual property. Trains/mentors members of the team. Builds relationships and trust across the organization. Evaluates and recommends new and emerging security products and technologies. Works to develop and interpret security policies and procedures. Supports acquisition and vendor risk assessment due diligence. Leads the building, deployment, and maintenance of security tools utilized by the insider threat program. Proactively seeks solutions to mitigate risk and clearly communicate risks to the appropriate stakeholders.

Basic Qualifications:

• Bachelor’s degree in engineering or science, or equivalent work experience
• Five or more year of experience in information security
• Two or more years of experience in software development, systems administration, or IT infrastructure managemen

Preferred Skills/Experience

• In-depth understanding of Windows operating systems administration
• In-depth understanding of networking or network administration
• Previous experience working in a defensive cyber security role (SOC, Detections engineering, Threat hunting, etc.)
• Previous experience conducting adversary emulation
• Previous experience using cyber intelligence analysis or threat intelligence reports
• Knowledge or application of the MITRE ATT&CK Framework
• Knowledge or experience working with or in cloud platforms (AWS, Azure, GCP)
• Working knowledge of Git workflows and best practices
• Experience with the operation of Linux distributions
• Working knowledge of Python
• Experience using infrastructure as code
• Experience using Terraform, Packer, or Ansible
• Working knowledge of information security architecture, security technologies, administration, and network and internet security
• Strong verbal and written communication skills
• Extensive knowledge of technical troubleshootin

THE ROLE OFFERS A HYBRID/FLEXIBLE SCHEDULE, WHICH MEANS THERE’S AN IN-OFFICE EXPECTATION OF 3 OR MORE DAYS PER WEEK AND THE FLEXIBILITY TO WORK OUTSIDE THE OFFICE LOCATION FOR THE OTHER DAYS AT ONE OF THE FOLLOWING LOCATIONS:

• Cincinnati, OH
• Minneapolis, MN
• Charlotte, NC
  Preferred Skills/Experience
  Performs the development, maintenance, and daily operation of security-related applications and systems to drive security related efforts in the environment. Contributes to the build-out of security assessments, conducts research on current threat techniques, and develops emulations of techniques. Looks for ways to optimize security processes and recommend opportunities and solutions for improvement and automation. Serves as technical and function subject matter expert across multiple security domain areas, raising awareness and communicating security risks within the company. Supports and participates in technical investigations and training opportunities as needed.

Basic Qualifications:

• Bachelor’s degree in engineering or science, or equivalent work experience
• Five or more year of experience in information security
• Two or more years of experience in software development, systems administration, or IT infrastructure management

Preferred Skills/Experience

• In-depth understanding of Windows operating systems administration
• In-depth understanding of networking or network administration
• Previous experience working in a defensive cyber security role (SOC, Detections engineering, Threat hunting, etc.)
• Previous experience conducting adversary emulation
• Previous experience using cyber intelligence analysis or threat intelligence reports
• Knowledge or application of the MITRE ATT&CK Framework
• Knowledge or experience working with or in cloud platforms (AWS, Azure, GCP)
• Working knowledge of Git workflows and best practices
• Experience with the operation of Linux distributions
• Working knowledge of Python
• Experience using infrastructure as code
• Experience using Terraform, Packer, or Ansible
• Working knowledge of information security architecture, security technologies, administration, and network and internet security
• Strong verbal and written communication skills
• Extensive knowledge of technical troubleshooting

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That’s why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by la