U.S. Bank Principal Information Security Engineer - Remote in St. Paul, Minnesota
At U.S. Bank, we're passionate about helping customers and the communities where we live and work. The fifth-largest bank in the United States, we’re one of the country's most respected, innovative and successful financial institutions. U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.
Job Description As a Principal Information Security Engineer, this candidate will be responsible for supporting the overall Vulnerability and Compliance Management program. These activities provide the foundational structure for U.S. Bank with regard to organizational security, overall attack surface reduction, as well as compliance aligned with CIS benchmarks.
Primary Functions As part of an established team, this candidate will take a leadership role in providing vulnerability/compliance assessment and reporting to stakeholders and upper levels of management. The candidate will be expected to adhere to processes and procedures as they relate to U.S. Bank and its subsidiaries, as well as provide support for any and all regulatory requirements. In addition, this candidate will need to interface and communicate with various security and non-security groups within the bank; the ability to communicate in both technical and non-technical terms will be critical. This candidate will also manage small- and medium-scale projects, including (but not limited to) acquisition integration, rapid reaction to high-criticality events requiring quick turnaround, and vulnerability maturity/continuous improvement initiatives.
Overall Responsibilities Performs the daily operation and execution of security-related tools, processes and controls related to cyber defense initiatives. This includes the development and dissemination of BAU reporting, as well as ad hoc reporting due to criticality.
Helps coordinate and drive remediation of identified risks and control deficiencies through regular, ongoing communication with stakeholders.
Looks for ways to optimize security processes and recommend opportunities and solutions for improvement and automation.
Serves as technical and functional subject matter expert across multiple security domain areas, raising awareness and communicating security risks within the company.
Supports and participates in incident response, zero-day vulnerability assessments and technical investigations as needed.
Ensures adherence to compliance regulations and policies.
Other duties as required.
Basic Qualifications Bachelor's degree in Engineering or Science, or equivalent work experience
Eight or more years of experience in information security
Two or more years of experience in IT infrastructure management, application architecture, risk management, data architecture, middleware technology, and IT operations and project management
Required Experience Experience using one (or more) of the following cloud service providers within the context of compliance: AWS, GCP, Azure
Strong experience within the realm of compliance (including assessment and reporting) using frameworks such as CIS benchmarks, ISO 27001, NIST CSF, etc.
Preferred Skills/Experience Additional consideration given to candidates with specific experience in using and developing reporting/solutioning using AWS Security Hub and/or GCP Command Center.
Additional consideration given to candidates with specific experience in using the ServiceNow Vulnerability Reporting and/or Continuous Controls Monitoring module(s)
One (or more) of the following professional certifications: AWS Certified Solutions Architect - Associate
Microsoft Certified: Azure Security Engineer Associate
Microsoft Certified: Security Operations Analyst Associate
GCP Associate Cloud Engineer
GCP Professional Cloud Security Engineer
Experience using the ServiceNow SaaS platform, including the development of custom reporting.
Experience using/assessing the Tenable.io/Tenable.sc vulnerability scanning solution.
Experience specifically with Mergers & Acquisitions, particularly in the arena of solutions/technology integration and support.
Extensive knowledge of IT environment including service-oriented and IT architecture, industry trends and direction, system and technology integration, network and internet security, information assurance, computer crime, and IT standards, procedures and policies, and emerging technologies.
Working knowledge of IT audit and control, governance, asset management, change control, training delivery, and technical writing/documentation.
Extensive knowledge of information security technologies and administration.
Ability to work cooperatively and professionally with co-workers, cross-functional teams, customers and management.
Strong verbal and written communication skills.
Benefits: Take care of yourself and your family with U.S. Bank employee benefits. We know that healthy employees are happy employees, and we believe that work/life balance should be easy to achieve. That's why we share the cost of benefits and offer a variety of programs, resources and support you need to bring your full self to work and stay present and committed to the people who matter most - your family.
Learn all about U.S. Bank employee benefits, including tuition reimbursement, retirement plans and more, by visiting usbank.com/careers.
EEO is the Law Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal EEO is the Law poster.
E-Verify U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.