Regions Bank Risk Cybersecurity Vulnerability Analyst in Hoover, Alabama
Thank you for your interest in a career at Regions. At Regions, we believe associates deserve more than just a job. We believe in offering performance-driven individuals a place where they can build a career --- a place to expect more opportunities. If you are focused on results, dedicated to quality, strength and integrity, and possess the drive to succeed, then we are your employer of choice.
Regions is dedicated to taking appropriate steps to safeguard and protect private and personally identifiable information you submit. The information that you submit will be collected and reviewed by associates, consultants, and vendors of Regions in order to evaluate your qualifications and experience for job opportunities and will not be used for marketing purposes, sold, or shared outside of Regions unless required by law. Such information will be stored for a set period of time. You may review, modify, or update your information by visiting and logging into the careers section of the system.
At Regions, the Risk Cybersecurity Vulnerability Analyst is part of the second line of defense within risk management and is responsible for planning, coordinating, and performing penetration testing, purple/red teaming engagements, and vulnerability assessments within a team environment. This position bridges the gap between vulnerability discovery, testing, and blue team defensive efforts. This position conducts formal tests on web-based and traditional applications, networks and infrastructure, mobile, and other information systems throughout the enterprise. This position will interface with business units to assess technology initiatives, identify potential risks, and recommend improvements.
Conducts initial penetration test scoping with business unit stakeholders
Leads and coordinates penetration testing and external red teaming of networks, systems, and applications within agreed scope and rules of engagement
Leads regular meetings with business unit stakeholders to assess remediation efforts
Leads security reviews of application designs, source code, and deployments
Delivers technical reports to bank leaders and executives
Maintains knowledge with current and emerging technologies and advancements that enhance cyber security capabilities
Coordinates closely with 1st line teams to enhance risk identification, assessment, and monitoring to ensure they are within specified risk appetites
Develops and delivers cyber security and digital risk presentations and education sessions (brown bags, formal) to various Risk Management groups and teams and other stakeholders around relevant and timely information security and digital risk topics of interest
This position is exempt from timekeeping requirements under the Fair Labor Standards act and is not eligible for overtime pay.
Bachelor’s degree in technical discipline
Five (5) years of experience in penetration testing and vulnerability analysis, or related cybersecurity practices/methodologies.
One or more of the following certifications (or the ability to acquire within 12 months of hire):
Skills and Competencies
Strong technical ability in current application and infrastructure testing methodologies
Strong technical ability in both manual and automated approaches to penetration testing
Knowledge of threat modeling methodologies
Experience with assessment tools, such as scanners, administrative utilities, local proxies, debuggers, fuzzers, etc.
Strong understanding of security concepts for both Windows and Unix related operating systems
Ability to work independently without daily direction
Comfortable with frequent interactions with bank executives and critical 1st and 3rd line stakeholders
Solid understanding of OWASP and other software security best practices
Knowledge of application reverse engineering techniques and procedures
Demonstrable experience with finding vulnerabilities and exploiting them within a realistic application environment
Strong technical ability in security related architecture design and assessment
Experience working through entire System Development Lifecycle (SDLC); DevOps/Agile experience strongly preferred
At Regions, our culture focuses on five core values that are a commitment to how we will do business:
Put people first
Do what is right
Focus on your customer
Through these values, our mission to make life better drives our desire to improve and make a positive difference in the communities where we work and live through financial investments and volunteering.