Zions Bancorporation's Enterprise Technology and Operations (ETO) team is transforming what it means to work for a financial institution. With a commitment to technology and innovation, we have been providing our community, clients, and colleagues the best experience possible for over 150 years. Help us transform our workforce of the future today.
We are currently seeking a Cyber Incident Response Engineer as part of our Enterprise Information Security department. Enterprise Information Security (EIS) is integrated within the Enterprise Technology and Operations division (1,100 technical people) at Zions Bancorporation. EIS is responsible for enabling secure innovation and business growth for 10,000 employees across 11 states. EIS is undergoing rapid growth, and we are focused on creating a relevant program that will enable our organization's long-term success. What is great about our department is that we laugh with each other, have Executive and Board level visibility and support for our work, and are driving highly visible enterprise-wide initiatives. We are focused on creating business value and are seeking like-minded professionals to join our team!
The Cyber Incident Response Engineer will join our CSOC Team. The Cybersecurity Operations Center (CSOC) team is the cyber front line at Zions Bancorporation. If you want to work on a team where your input matters, you get to collaborate with sharp colleagues with whom you will grow, where your work is truly valued, and you make a real difference, then you will be in good company.
As a Cyber Incident Response Engineer, you will play a key role in defending the enterprise from malicious actors. The work you do has real impact customer-wide and enterprise-wide, and it is truly valued by both.
The Cyber Incident Response Engineer will:
Function as a key contributor in the CSOC's growth and evolution, actively improving our cyber incident response capabilities
Respond to cybersecurity incidents
Apply knowledge in multiple cybersecurity tools and processes such as SIEM, IDS, EDR, DLP, WAF, and similar
Develop and implement monitoring use cases, cyber incident response procedures, playbooks, and other technical documentation
Collaborate with Enterprise Cybersecurity Architecture and technology teams in monitoring and alerting infrastructure, processes, and tools
Participate in the on-call rotation so we can maintain 24/7 coverage in responding to alerts and possible threats
Other duties as assigned
Requirements:
Hands-on technical experience with one or more commercial SIEM products such as Splunk (preferred), IBM QRadar, LogRhythm, ArcSight, NetWitness, etc., which should include familiarity with defining and writing alert conditions/use cases in addition to daily use for investigating incidents
Experience producing technical documentation, standard operating procedures, and incident response playbooks
Technical knowledge in networking, Windows administration, Linux administration, common attack techniques and preventions
Working knowledge of common attack vectors, different classes of attacks (e.g., passive, active, insider, close-in, distributed, etc.), and general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
Knowledge of system administration concepts for UNIX/Linux and Windows operating systems
Working knowledge of common digital forensics techniques, such as chain of custody and operating system investigation, strongly preferred
Foundational knowledge of networking, such as packet capture analysis and routing and switching
Understanding of common social engineering techniques such as phishing and SIM swapping
Development experience with scripting languages such as R, HIVE, Python, JavaScript, etc. is a plus
Experience with any Endpoint Detection and Response platform is a plus
Relevant technical certifications are a plus (e.g., SANS, ISC2)
4 years of experience in Security Operations, Incident Response, Security Architecture, supporting Information Security infrastructure, or a combination of the two, or other directly related experience
A combination of education and experience may meet qualifications
Experience working in a regulated industry (financial services, healthcare, insurance, etc.) is a plus
Work Location:
This position has a hybrid work-from-home schedule with a minimum of three days per week in the office at the new Zions Technology Center in Midvale, UT.
The Zions Technology Center is a 400,000-square-foot technology campus in Midvale, Utah. Located on the former Sharon Steel Mill superfund site, the sustainably built campus will be the company's primary technology and operations center. This modern and environmentally friendly technology center will enable Zions to continue to compete for the best technology talent in the state while providing team members with an exceptional work environment with features such as:
Benefits:
Apply now if you have a passion for impactful outcomes, enjoy working collaboratively with co-workers, and want to make a difference for the clients and communities we serve.
Required Experience:
IC