IS Investigator Assessment Specialist @ Bank of Hope - Los Angeles, CA


Position Information
Job Title: IS Investigator / Assessment Specialist
Department: Information Security
FLSA Status: Exempt
Reports to: Information Security Compliance Manager
Full/Part Time Status: Full-Time
Work Location: Los Angeles, CA
Travel Requirement: 0-10%

Education & Experience

Minimum Education Level: Bachelor's Degree
Minimum Years of Experience: 6-10 years
Combination of Experience and Education can meet the job requirements: Yes
Certifications: 1 or more of the following: Certified Forensic Computer Examiner (CFCE) certification, Certified Ethical Hacker (CEH); Certified Information Systems Security Professional (CISSP); Certified Security Analyst (CSA); or Licensed Penetration Tester (LPT)

Language Requirement

English: Written: Advanced; Verbal: Fluent
Korean: Written: N/A; Verbal: N/A

Computer/Systems Knowledge Requirements

Microsoft Outlook: Advanced
Microsoft Word: Advanced
Microsoft Excel: Advanced
Microsoft PowerPoint: Advanced
Microsoft Access: Advanced
QRadar / SIEM products: Intermediate
Palo Alto / NGFW Products: Intermediate
Windows administration servers / workstations: Intermediate
FTK: Advanced
Python: Advanced
Windows Desktop and Server: Expert
Linux: Advanced
Volatility/Windows Scope

You will operate as a lead incident responder as part of the organization's Red Team Assessment and Counter-Threat department under the Chief Information Security Officer. You will be one of the most technical resources on the information security team, providing broad technical leadership around information security practices, incident response procedures, and security assessment protocols.

You will help the CISO build out the investigation and assessment component of information security, moving the bank into a fully adaptive security mentality. You will be the Hunter for potential breaches and compromises, vulnerabilities, and risk. You will work with your peers in the information security and information technology department to implement security detection, protection, and response capabilities.

The Daily

  • First responder to investigate escalated security events
  • While not responding, manage and conduct security and risk assessments within the bank environment
  • For all incidents requiring investigation, act as the incident commander and/or lead investigator
  • Coordinate activities of incident response team during a security incident.
  • Responsible for incident planning, coordination, and response activities for all of Bank of Hope
  • Ensure incident identification, declaration, analysis, containment, recovery, communication, reporting, and lessons learned
  • Resident SME for all host forensic activities, including host analysis and memory forensics
  • Resident expert for all network forensic activities, including network anomaly detection and PCAP analysis
  • Resident expert for all cloud forensic activities
  • Resident expert on tactics, techniques and procedures utilized by threat actors to target enterprises
  • Revise and develop incident response processes to strengthen Bank of Hope's ability to effectively respond to cyber threats targeting our organization.
  • Oversee and assist with the development of new security detections to enable the Threat Operations Center (TOC/Blue Team) to detect new and emerging threats.
  • Creation and maintenance of standardized communication templates and response procedures
  • Coordinate with stakeholders and build and maintain positive working relationships with them
  • Effectively coordinate IR activities during an investigation.
  • Expert knowledge in incident handling
  • Actively participate in the analysis of potential security threats
  • Provide leadership and support during security incidents and investigations
  • Optimize the processes to respond and investigate detected attacks
  • Responsible for the development of tabletop exercises
  • Document incident response process and procedures.

The Essentials

  • 7-10 years of technical cybersecurity experience in Incident Response, Security Operations, Threat Intelligence, etc.
  • Mastery of at least 7 of the following: SIEM, cloud environments, Host Forensics, Network Forensics, Malware Reversing, Intrusion Detection, Anomaly Detection, Threat Research
  • Expert knowledge of Windows, OSX and/or *nix operating systems
  • Experience protecting large internet-facing applications
  • Ability to manage multiple priorities in a high-pressure environment.
  • Expert knowledge of malware families and network attack vectors.
  • Experience analyzing malware, identifying Indicators of Compromise (IOC) and TTPs of various threat actors through the analysis of email, malware, end-point, network, etc.
  • Expert knowledge about exploits, vulnerabilities, and network attacks
  • Able to convey complicated technical analysis to senior management via investigation synopses, graphical depictions of attacks, and comprehensive presentations
  • Strong knowledge of cloud architecture and incident response.
  • Strong knowledge of web applications and APIs
  • Strong knowledge of CDNs
  • Experience performing risk analysis of threats to large organizations.
  • Scripting (Perl, Python, PowerShell, bash), RegEx and PCRE experience
  • Strong English verbal and written communication skills
  • Ability to multi-task and prioritize work effectively
  • Highly motivated self-starter
  • Responsive to challenging tasking
  • Attention to detail
  • Ability to document and explain technical details in a concise and understandable manner
  • Strong sense of ownership and driven to manage tasks to completion
  • Effective in collaboration with teams in remote locations
  • Identify risks and vulnerabilities in IT/OT environments utilizing a cyber security toolkit
  • Conduct penetration testing using various methods (black/white/gray box)
  • Develop tools and methods to test unique software that cannot be tested via traditional security tools
  • Simulate adversarial tactics and techniques to discover weaknesses
  • Draft test plans and reports to brief the team and leadership
  • Work with external organizations for a broader testing scope
  • Research tools, techniques, and trends in Operational Technology (OT), network, application, and operating system vulnerabilities
  • Assist with remediating or mitigating identified vulnerabilities and aid the CISO in executing training and tabletop exercises for incident response.

Other Job Qualifications/Requirements

  • Required: Excellent written and oral communication skills; ability to communicate effectively and project a professional image when giving and taking information in writing, in person, and over the phone.
  • Required: Ability to respond effectively to the most sensitive inquiries or customer complaints.
  • Required: Ability to make effective and persuasive speeches and presentations on controversial or complex topics to top management, employees, regulators, or board members.
  • Required: Excellent analytical skills including the ability to define problems, collect data, establish facts, and draw conclusions.
  • Required: Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
  • Required: Ability to create and follow documented procedures
  • Required: Ability to maintain information security engineering staff by recruiting, selecting, orienting, and training employees; maintaining a safe and secure work environment; developing personal growth opportunities
  • Required: Ability to accomplish information security engineering results by communicating job expectations; planning, monitoring, and appraising job results; coaching, counseling, and disciplining employees; initiating, coordinating, and enforcing systems, policies, and procedures.
  • Required: Ability to design and implement information security policies by establishing standards and procedures; measuring results against standards; making necessary adjustments
  • Required: Ability to recommend information security strategies, policies, and procedures by evaluating organization outcomes; identifying problems; evaluating trends; anticipating requirements
  • Required: Ability to complete operational requirements by scheduling and assigning employees; following up on work results
  • Required: Contributes to team effort by accomplishing related results as needed
  • Required: Familiarity with banking industry applications
  • Required: Maintains professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies
  • Required: 5-10 years of experience with security procedures and protocols

Physical Demands

Under 10 lbs: Occasional (1% - 33% of the time)
11-20 lbs: Occasional (1% - 33% of the time)
21-50 lbs: Rarely (Less than 1 hour per week)
Reach over shoulder: Rarely (Less than 1 hour per week)
Reach over head: Rarely (Less than 1 hour per week)
Reach outward: Occasional (1% - 33% of the time)
Climb: Rarely (Less than 1 hour per week)
Crawl: Occasional (1% - 33% of the time)
Kneel: Occasional (1% - 33% of the time)
Squat: Occasional (1% - 33% of the time)
Sit: Constant (over 66% of the time)
Walk-Normal Surfaces: Occasional (1% - 33% of the time)
Walk-Uneven Surfaces: Rarely (Less than 1 hour per week)
Walk-Slippery Surfaces: Rarely (Less than 1 hour per week)
Stand: Occasional (1% - 33% of the time)
Bend: Occasional (1% - 33% of the time)
Automatic Trans: Rarely (Less than 1 hour per week)
Standard Trans: Rarely (Less than 1 hour per week)
Keyboard/Ten Key: Constant (over 66% of the time)
Fingering (fine dexterity): Constant (over 66% of the time)
Handling (grasping, holding): Occasional (1% - 33% of the time)
Repetitive Motion – Hands: Frequent (34% - 66% of the time)
Repetitive Motion – Feet: Rarely (Less than 1 hour per week)