Regions Bank Vulnerability Management Lead in Hoover, Alabama
Thank you for your interest in a career at Regions. At Regions, we believe associates deserve more than just a job. We believe in offering performance-driven individuals a place where they can build a career, a place to expect more opportunities. If you are focused on results, dedicated to quality, strength and integrity, and possess the drive to succeed, then we are your employer of choice.
Regions is dedicated to taking appropriate steps to safeguard and protect private and personally identifiable information you submit. The information that you submit will be collected and reviewed by associates, consultants, and vendors of Regions in order to evaluate your qualifications and experience for job opportunities and will not be used for marketing purposes, sold, or shared outside of Regions unless required by law. Such information will be stored for a set period of time. You may review, modify, or update your information by visiting and logging into the careers section of the system.
At Regions, the Data Security Analyst resolves moderately complex issues regarding information systems security, including access control administration and violation analysis.
• Collects and compiles historical data on system access and generates reports and analyses
• Performs all procedures asked to ensure the safety of Information Security Assets and to protect systems from intentional or inadvertent access or destruction
• Takes preventative measures to proactively identify and prevent potential problems
• Performs problem determination and resolution
This position is exempt from timekeeping requirements under the Fair Labor Standards Act and is not eligible for overtime pay.
• High school diploma or GED and nine years related work experience
• Bachelor's degree in Computer Science or Management Information Systems (MIS) and seven years related work experience
• Good understanding of applicable systems
• Excellent organizational skills
• Ability to multi-task
• Demonstrated problem-solving skills
• Excellent customer service and interpersonal skills
One or more of the following certifications/licensures/registrations are desired:
Certified Information Systems Security Professional (CISSP), Security+, Microsoft Certified Systems Administrator (MCSA) and/or GIAC Certified Unix (GCUX).
Additional Job Description:
Lead team of Information Security engineers responsible for Vulnerability Scanning, Penetration Testing, and Application Security
Assess, streamline, or develop comprehensive Vulnerability Management and Application Security programs
Conduct vulnerability assessment and penetration testing against a wide array of technologies and platforms
Prior experience in leading and developing Secure Software Development Lifecycle (SSDLC)
Understanding and leading deployment of static and dynamic code scanning practices
Understanding and experience deploying and using technologies such as Nexpose, Tenable, Fortify on Demand, Veracode, Burp, WebInspect and other penetration testing tools
Understand, review, and interpret vulnerability assessment and scanning results, reduce false positive findings, and act as security advisor to business unit partners.
Create detailed risk assessment reports which explain identified technical and logical security findings, describe potential business risks, and present prioritized recommendations.
Contribute to the ongoing enhancement of the company’s security assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools, and deliverables.
Collaborate and share knowledge with team members via formal and informal methods on a regular basis.
Strong technical skills related to at least one of the following areas: information security, network security, Windows security, UNIX/Linux security, and web application security.
Knowledge of system and/or web application vulnerabilities and risk assessment methodologies such as Common Vulnerability Scoring System (CVSS) or OWASP Risk Rating Methodology.
Familiarity with automated tools used to find system and web application vulnerabilities such as Nmap, Nexpose, Nessus, WebInspect, or Fortify.
Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP), or other related security certifications
Scripting with Python, Ruby, PowerShell, bash, or similar languages
An understanding of mapping and scanning applications and systems, including port scanning, identifying services and configurations, spidering, application flow charting, and session analysis.
At Regions, our culture focuses on five core values that are a commitment to how we will do business:
Put people first
Do what is right
Focus on your customer
Through these values, our mission to make life better drives our desire to improve and make a positive difference in the communities where we work and live through financial investments and volunteering.