Vice President, Attack Surface Visibility and Analysis Analyst, Global Information Security, Sydney, Australia

can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Job Description:

Cyber Security Research & Analysts

Global Information Security

Role Overview

The Cyber Security Assurance, Attack Surface Research and Analysis team delivers hands on asset research on the Bank's network (attack surface) to identify, measure, and interpret the Bank's technology exposure and vulnerability exploitability. This role is responsible for high quality queries, datasets, and visualizations that leverage enterprise platforms and security data sources. The successful candidate will investigate infrastructure and vulnerability asset data to determine vulnerability risk for both technical and non-technical audiences. The successful candidate will be highly collaborative, analytical, detail oriented, ensuring insights are accurate and delivered on time.

Work as part of a team developing methods to quickly reference systems of record (SOR's), systems of origin (SOO's) and other available data stores for a comprehensive reliable and timely view of the Bank's attack surface and vulnerability exploitability potential, with the goal of enabling answers to the following three questions as quickly as possible.

• Do we have it?

• Are we vulnerable?

• Is it exploitable?

Key Responsibilities:

• Create SQL and python scripts within Qualys, Tanium and BladeLogic to query datasets, to support attack surface visibility and vulnerability analysis

• Perform hands on analysis of large scale datasets to correlate to security and vulnerabilities

• Use Python and SQL to automate data ingestion, transformation, enrichment, and quality validation (ETL)

• Develop and maintain visualizations and reports in Power BI or MS-Reporting Services (SSRS) MS-Integration Services (SSIS) that support operational teams, cyber leadership, and risk stakeholders

• Understands the Bank's Data network and architecture to work in a team to answer: Do we have it? Are we vulnerable? Is it exploitable?

• Clearly communicate findings through written analysis and live discussions, including executive-level summaries

Required Qualifications**:**

• Strong analytical, problem-solving, and conceptual thinking skills
• Self-motivated, detail-oriented, and able to manage work independently
• Strong verbal and written communication skills, with the ability to clearly explain technical findings in meetings and documentation
• SQL database and Python development experience used for automation, data processing, and integration (not statistical or ML modeling): Strong experience with SQL Server development, including: Indexes, constraints, table switching, Transaction management, error handling, and activity logging
• Experience with SQL Server Integration Services (SSIS), including: DevOps integration, C# script tasks, Packaging, deployment, and conditional workflows
• Hands-on experience with data ingestion and ETL pipelines (batch and near-real-time)
• Python development experience used for automation, data processing, and integration (not statistical or ML modeling)
• Experience with SSRS, including subscriptions, report management, Tablix, matrix, and cascading parameters
• Basic Understanding of networked infrastructure, including: Servers, switches, load balancers, and related components, basic network segmentation and exposure concepts
• Excellent research skills with the ability to: Identify relevant data sources related to enterprise technologies, understand how systems operate and are used across the firm, persistently investigate and validate findings
• Strong analytical, problem-solving, and conceptual thinking skills
• Self-motivated, detail-oriented, and able to manage work independently
• Strong verbal and written communication skills, with the ability to clearly explain technical findings in meetings and documentation