• Oversee Security Operations work carried out cross functionally by first line control owners.
• Analyzes a variety of network and host-based security logs (Firewalls, NIDS, HIDS, Syslog) and guide remediation of gaps.
• Administers, monitors, and guides troubleshooting antivirus activities, and email gateway issues.
• Assists with security-related software and firmware (e.g., endpoint, vulnerability scanners, firewalls, IPS/IDS, DNS, proxy) to maintain security and service continuity.
• Assist with the resolution of security-related infrastructure.
• Participate in security incident response through in-depth, technical (log, forensic, malware, packet) analysis.
• Provide oversight of security alert detection and analysis capabilities across multiple technologies to ensure that security incidents are identified in a timely manner.
• Escalate and support potential security incidents in line with appropriate processes.
• Support communications of potential security incidents via multiple channels.
• Participate in the response to potential security incidents by identifying and communicating relevant supplementary information.
• Identify and analyze new and emerging threats to determine impacts to the Bank and provide guidelines and recommendations pertaining to opportunities to strengthen the Bank’s security landscape across the defense layers.
• Process Information Security due diligence requests and ensure compliance to policies, procedures, and regulations both internally and for third parties.
• Evaluate and recommend improvements to the company’s information systems control environment, risk management and Information Security audit processes to reduce duplicate audit requests in addition to minimizing Process Owner dependency to obtain control evidence.
• Create and maintain dynamic dashboards and/or scorecard for visibility of Information Security Governance activities.
• Provide security recommendations to other team members, management, and business stakeholders for solutions, enhancements to existing systems, and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Assess system configurations of company solutions as per the established baselines, for those security systems solutions that are partially or wholly operated by the InfoSec team.
• Identify security requirements, based upon need or as the result of a security issue that puts organizations systems at risk.
• Participate in the monitoring all in-place security solutions for efficient and appropriate operations.
• Aid in the design and execution of vulnerability assessments, penetration tests and security audits.
• Participate in the identification of security breaches detected by security systems, and in the tracking, investigation, and resolution of these incidents.
• Performs other related duties as assigned by management.

Required Qualifications

• A degree in Information Technology/Computer Information Systems or related field is required.
• Minimum eight years of experience supporting Information Security Operations, Threat Intelligence, and Security Incident Response.
• Expert in detecting policy violations or security incidents using log management platforms and SIEM.
• Expert in working with threat prevention and intrusion detection systems.
• Well-rounded host and network security expertise.
• Ability to script and automate repetitious tasks.
• Experience with identity management platforms and protocols like SAML and OAuth to REST.
• Security subject matter knowledge and experience in anti-virus, anti-SPAM, intrusion detection, encryption, and general security policy.
• Proven experience in proactively identifying potential Information Security controls risks, issues, and opportunities through analytical thinking and offering sustainable recommendations that address root cause rather than symptoms.
• Strong understanding of security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, ISO, SANS control framework. Framework, 800-53, NIST CSF. CIS Top 20, FFIEC Cybersecurity Assessment tool), GLBA preferred.
• High level of personal integrity, and the ability to professionally handle confidential matters while exuding appropriate level of judgment and maturity.
• Ability to blend exceptional attention to detail with an ability to retain strategic direction within a rapidly evolving entrepreneurial business culture. Ability to conduct research into security issues and products as required.
• Strong team player yet self-motivated and able to make progress independently.
• Highly organized with proven analytical and problem-solving abilities with ability to effectively prioritize and execute tasks in a high-pressure environment.
• Must be professional, comfortable speaking with external and internal contacts with a demonstrated ability to effectively tailor the message appropriately to the audience and situation.
• Demonstrated ability to convey thoughts and ideas effectively and succinctly via written formats, including emails, letters, and electronic platforms. Maintain professional standards relating to spelling and grammar.
• Maintain good working relationships with internal partners by exhibiting exemplary interpersonal skills, adopting a constructive, solutions-focused approach.
• Use sound professional judgment to balance the interests of the organization and customer, understanding and using available resources to mitigate risks.
• High proficiency with Microsoft 365 products and applications, including the ability to effectively prepare or review documents, procedures, and reports.
• Experience with administration and architecture for one or more infrastructure technologies (networking, Windows OS, Linux OS, Active Directory, PKI, etc.) required.

Preferred Qualifications

• SANS, IA, GIAC, SSL, DHCP, DNS, SSCP, CISSP, CISA, CISM, CEH, Security+ and / or similar certifications is a plus.
• Experience working in a highly regulated industry (financial services or health care) desired. Familiarity with software development process and practice and banking technologies and applications a plus.
• Working technical knowledge of several of the infrastructure technologies preferred (such as Active Directory, Server 2016 & 2019, Azure, 0365, and various AV products, Vulnerability Management).
• In-depth technical knowledge of and experience with one or more common security products and toolset (firewalls; intrusion prevention systems; web-security content management; authentication services; SEIM; etc. required).
• Working technical knowledge of wider a cross-section of the common security products and toolsets.
• Demonstrated ability to learn new systems and applications, as well as the ability to understand, adapt and adjust responsibilities/workflows because of system upgrades.

• Occasional travel to other First American Bank locations, Bank functions and training facilities may be required.
• This position is remote but does require occasional travel to various locations throughout the Bank's market.
• Typical hours are Monday through Friday 8:00 a.m. to 5:00 p.m. Additional hours may be required depending upon business need.
• Punctuality is required to maintain First American Bank’s customer service standards.