Fifth Third Bank Principal Cyber Threat Analyst in CINCINNATI, Ohio


Fifth Third Bank is one of the top-performing banks in the country, with a heritage that spans more than 150 years. We've staked our claim on looking at things differently to making banking a Fifth Third Better. This applies to our relationships with customers and employees alike.

We employ about 18,000 people, and what we offer is:

# A chance for employees to build their future, with supportive career development and financial wellness programs.

# An environment where we win together. We celebrate achievement and work collaboratively. We're also a three-time Gallup Great Workplace honoree.

# An invitation to impact lives in a positive and lasting way. Everything we do is geared toward improving lives. That's fun and exciting.

It comes down to the fact that Fifth Third is a warm and caring place to with which to grow # as a customer or as a team member.

Information Technology's vision is to be recognized as an industry-leading services company by efficiently delivering solutions and services our customers can rely on. We strive to create a business-focused team that drives significant value for the Company while building customer-centric service delivery models through the integration of technologies, data, and processes. Our customers' trust is earned through the effective delivery of resilient, secure products and services while balancing business needs with industry and regulatory requirements.

Fifth Third Information Technology is comprised of several areas including: Commercial IT, Consumer IT, Payments IT, Infrastructure IT, Enterprise and Corporate Applications as well as IT Security and Risk.


As a member or the Fifth Third Information Security Cyber Intelligence team, this role is responsible for assisting in the evaluation and development of systems security across the enterprise with an emphasis on detecting, responding andpreventingcyberincidents. Reviews threat data from various sources and performs cyber intelligence gathering and in-depth analysis of various threats. Actively monitors, analyzes and correlates network traffic utilizing the latest in securitytechnology,evaluatessecurity incidents, performs research and provides in-depth incident analysis. Position requires scheduling flexibility to address work assignments, which includes regular scheduled on-call, unscheduled on-call support in the eventof systemproblems.

Responsible and accountable for risk by openly exchanging ideas and opinions, elevating concerns, and personally following policies and procedures as defined. Accountable for always doing the right thing for customers and colleagues, and ensures thatactions and behaviors drive a positive customer experience. While operating within the Bank's risk appetite, achieves results by consistently identifying, assessing, managing, monitoring, and reporting risks of all types.


. Serves as an Information Security Subject Matter Expert (SME) by maintaining knowledge of industry recognized security technologies and concepts; actively engages and assists lines of business to understand their needs and developsecurebusinesssolutions.

. Remains knowledgeable of changes in security technology, industry practices, and state and federal regulatory requirements; provides technical assistance to IT staff in the detection and resolution of security problems.

. Monitors security advisory groups to ensure security updates, patches and preventive measures are in place.

. Monitors, analyzes, and interprets system logs for events and incidents reflective of unauthorized access or operational irregularities and escalates for action as appropriate.

. Participates in risk assessment activities and assists in analyzing the output of audits to produce recommendations of acceptable risk.

. Promotes activities to foster information security awareness throughout the organization.

. Ensures compliance with policies and procedures for change management.

. Creates policies, procedures, standards, and guidelines used to secure assets against unauthorized or accidental modification, destruction, or disclosure.

. Responds to incidents to prevent additional loss and to obtain and preserve forensic evidence.

. Administers security related processes and tools; screens and verifies updates are made to required systems.

. Research, evaluate and recommend information security related applications, hardware, and software.

. Coordinates efforts to assure compliance with security patch application and virus protection policies.

. Acts as a liaison to product groups and assists them in the implementation of security technologies and applications security.

. Intermediate professional level role.

. Develops security solutions for medium to highly complex assignments.

. Works on multiple projects as a team member and lead systems-related security components.

. Performs other duties as assigned.



. Candidate must possess a BA or BS degree in Computer Science, Security Studies, Intelligence Studies, Cyber Security, Information Management or related field with 7 to 10+ years of experience in the following:

o Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques.

o Knowledge of malware families, botnets, threats by sector, and various attack campaigns and attacker methods, tools/techniques/practices.

o Working knowledge in one or more of the following topics: Third Party Risks/Threats, Cyber Espionage, Hacktivism, Distributed Denial of Service Attacks, Malware, Mobile or Emerging Threats, Social Engineering, Insider Threats, andAdvancedPersistentThreats (APTs).

. Preferred CISSP, GIAC, or CISM certification.

. Experience with common host and network security protocols and tools.

. Common security controls is required including; authentication, encryption, IPS, input validation, WAFs,firewalls, HIPS, etc.

. Malware analysis and reverse engineering # memory analysis a plus.

. Proficient in both Linux and Windows operating systems.

. Understanding of application protocols.

. Demonstrates strong competence with issues relating to IPS management, network architecture as it pertains to intrusion detection, and event correlation and management.

. Fluent in at least one of the following: Python, Ruby, Power Shell, C#, Bash, Perl, C++.

. Experience with packet capture and network traffic analysis.

. 3+ years of experience in intrusion analysis for large-scale enterprise environment.

. Experience with STIX, TAXI, OpenIOC, and other threat intelligence schemas.

. Experience collecting, processing, and analyzing open source intelligence.

. Strong written and verbal communication skills.

. Knowledge of information security frameworks and governance standards; NIST, ISO/IEC 17799:2005 and 27001.

. Knowledge of audit frameworks such as COSO and COBIT.

. Knowledge of regulatory compliance standards. (PCI, GLBA, HIPAA, SOX, and SAS70).

. Ability to lead projects or small teams.

Fifth Third Bank is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.