Cyber Security Analyst, Red Team - Remote Within Footprint

Associated Bank is an equal opportunity employer committed to creating a diverse workforce. We support a work environment where colleagues are respected and given the opportunity to perform to their fullest potential. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants with a disability who need assistance applying for a position with Associated Bank are asked to email: careers@associatedbank.com.

The Cyber Security Analyst utilizes their business acumen and strong information security technical experience to partner and ensure a secure information environment for the business. This role is responsible for continuously protecting our critical information assets and brand name, assuring compliance with corporate and regulatory policies/standards & industry best practices, while simplifying, enhancing and enabling business initiatives. Incumbents are considered to be a SME (Subject Matter Expert) in one or more of the information security disciplines. The Cyber Security Analyst also provides mentorship in multiple roles within the Cyber Defense Center. The role requires the ability to work collaboratively in a team environment. Additionally the role must operate in full compliance with internal policies and procedures as well as applicable regulations and laws, including but not limited to Section 501b of the Gramm Leach Bliley Act requirements. The role is responsible to report any procedure or process that doesn't meet regulatory requirements, whether suspected or confirmed, to management. Internal processes and procedures.

Job Accountabilities

• Work as part of the Associated Bank Security Operations Center
• Oversee the organization's vulnerability management program and oversee the running of both network and application vulnerability scanning
• Work with technical teams to ensure that findings from security assessments and internal scans are properly distributed to the correct teams; work with these teams to develop strategies to address these vulnerabilities
• Provide security related on-call emergency support, which is defined by the team's operational procedures.
• Participate as a member of the Security Incident Response Team, acting as a security first responder.
• Stay current with information security trends and provide intelligence in the areas of intrusion techniques, social engineering, technology, and security specific solutions.
• Advise management on applicable trends and recommended solutions.
• Serve as subject matter expert (SME) for designated information security controls.
• Pro-actively use intelligence information to develop, design, communicate and implement countermeasures and assess the criticality of countermeasures.
• Assist in the development and continual enhancement of our Information Security program, used to maintain security of our Information Systems.
• Develop and maintain the documentation for Information Security Policies, procedures, and Standards.
• Prepare reports and metrics supporting the Cyber Defense Center processes. The ideal candidate will maintain the Red Team and Vulnerability programs and continue to enhance and automate these programs.
• Mentor other team members

Associated Bank is looking for a candidate who is passionate about offensive security. The ideal candidate will have the following:

• Strong background in web application, wireless, mobile, cloud, and network-based penetration testing
• Experience with product testing, red and purple team assessments, and control testing
• Extensive experience with current security testing tools such as Cobalt Strike, Kali, Burp Proxy, Metasploit, Linux, etc.
• Experience with scripting languages like PowerShell and Python
• Experience evaluating new threats and providing recommendations regarding the best way to handle these threats based upon the organization's exposure to these threats
• Familiarity with testing frameworks like OWASP Web Testing Framework, PTES, MITRE ATT&CK framework, and the Cyber Kill Chain.

We can hire candidates located within the Associated Bank footprint. This includes the states of Arizona, Connecticut, Florida, Iowa, Illinois, Indiana, Maine, Massachusetts, Michigan, Minnesota, Missouri, New Jersey, New York, Ohio, Pennsylvania, Rhode Island, Texas, and Wisconsin.

Education

• Associate's Degree Computer information systems or relevant Required

Experience

• Five or more years of experience in information security, preferably focused on vulnerability management and penetration testing Required
• Seven or more years of information technology experience with an emphasis on infrastructure Preferred
• Two or more years of banking or relevant financial industry experience Preferred

Licenses and Certifications

• CEH/CISSP/CISM/CISA/OSCP/GIAC (GPEN, GWAPT) or similar certifications by start date Preferred

Compliance Statement
Fully complies with all applicable enterprise policies and procedures. Acts in compliance with all applicable laws and regulations as outlined in training materials, including but not limited to Bank Secrecy Act. Responsible for reporting suspicious activity to Financial Intelligence. Responsible to report all customer complaints as prescribed and procedure violations to management or HR. Responsible to report ethical concerns as needed to Associated's anonymous Ethics Hotline.

Associated Bank is committed to working diligently with any colleague who needs an accommodation perform the essential functions of the job. Please contact the Leaves & Accommodations office to request an accommodation.