Bank of the West Jobs

Job Information

Bank of the West Cybersecurity Engineer II in Omaha, Nebraska

Cybersecurity Engineer II


At Bank of the West, our people are having a positive impact on the world. We’re investing where we feel we can make the most impact, like advancing diversity and women entrepreneurship programs, financing for more small businesses, and promoting programs for sustainable energy. From our locations across the U.S., Bank of the West is taking action to help protect the planet, improve people’s lives, and strengthen communities. We are part of BNP Paribas, a global leader supporting the UN Sustainable Development Goals (SDGs). Yes, we’re a bank, but as the bank for a changing world, we are continually seeking to improve the ways we help our customers, while contributing to more sustainable and equitable growth.

Job Description Summary

We are currently seeking a Vulnerability Management Analyst/Engineer with experience in Threat & Vulnerability Management to be located in our Omaha site. This position will report into the Americas IT Production Security Vulnerability Management team.

Essential Job Functions

  • Understands and advises on enterprise policies and technical standards with specific regard to vulnerability management and secure configuration.

  • Able to successfully partner with other security and IT infrastructure professionals to assess potential impact from vulnerabilities specific to BNP’s environment and determine appropriate mitigating controls.

  • Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level based upon BNP’s policies and standards.

  • Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner; across traditional infrastructure and in cloud environments.

  • Ability to fully understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs.

  • Review and/or escalate exception requests submitted to the VM team

  • Using a risk based approach, analyze BNP’s vulnerability data against open / closed information sources to best prioritize vulnerability hygiene activities.

  • Develop and improve KPIs, metrics, and trend analysis for vulnerability management functions.

  • Assist the team to maintain appropriate documentation that defines the Threat & Vulnerability Management Program, policies, and procedures.

Other Job Duties

  • Performs other duties as assigned.


Required Experience

  • Requires advanced knowledge of job area typically obtained through advanced education combined with experience.

  • May have practical knowledge of project management.

  • Requires 5 years minimum prior relevant experience.

  • B.S. in Computer Science or equivalent field

  • CISSP, CISM or similar industry certification

  • 5 years’ experience in Vulnerability Management or related field

  • 5 years’ experience working knowledge of Information Security best practices, policies, standards, and baselines, including industry standards and guidelines from ISO 27001/27002, NIST, CIS, and OWASP

  • 5 years’ technical working experience/knowledge of operating systems, databases, web applications, mobile devices, middleware, and other computing devices/software components.


  • Expertise knowledge of the Vulnerability Management process including vulnerability identification, false negative/positives identification & elimination

  • Strong knowledge of Qualys, Rapid7, Tenable, Tanium or similar vulnerability assessment tools; including configuration and maintenance, scan execution, agent deployment and oversight

  • Basic knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001&27002).

  • Knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.

  • Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.

  • Experience with data analytics and visualization tools e.g. Splunk, Power BI, etc.

  • Knowledge of scripting languages

  • Excellent analytical and problem solving skills

  • Excel at prioritizing work and other demands for self and team including making risk-based decisions about remediation recommendations

  • Effective written, verbal communication skills. Ability to effectively communicate with technical and non-technical resources

  • Ability to participate in cross functional teams, including offsite, remote and offshore resources

  • Previous experience working in large-scale environments with diverse technologies

  • 1-3 years of preferred information security experience (experience in and understanding of all security domains).

  • Experience in a regulated industry highly desirable; financial services preferred.

  • Knowledge of Information Security Tool deployment and operations.

  • Knowledge of enterprise architecture.

  • Ability to design mixed-technology solutions.

  • Ability to conduct ROI and gap analysis for potential and existing products.

  • Ability to work with little guidance.

  • Strong written and verbal communication skills.

  • Solid problem solving and analytical skills.

  • Must be resourceful, creative, innovative, results driven and adaptable.

  • Cybersecurity Engineer- Forensics.

  • Responsible for and/or managing the identification, collection, and analysis of electronic data, with the goal of preserving any evidence in its most original form while performing a structured investigation that is legally defensible.

  • In concert with the banks HR, Legal, Corporate Security and Information Security Departments.

  • Performs eDiscovery tasks as required in support of requests from Legal and HR in the support of litigation for and against the Bank.

  • Conducts examination of logs, hard drives, network traffic, and other data to support targeted investigations.

  • Cybersecurity Engineer- EVC (Event Center).

  • Responsible for supporting security solutions within the Cybersecurity Office.

  • Assists the business, security and technical subject matter experts to deploy security controls and processes.

  • Manage the tool lifecycle by maintaining and supporting security tools.

  • Escalates and reports security incidents to partners in order for appropriate action to be taken.

  • Deliver timely and high quality work products to meet client’s expectations.

  • Defines, analyzes, evaluates, and aids in the implementation of security solutions to meet business needs.

  • Reviews, monitors, recommends and reports enhancement opportunities to meet bank and industry policies, standards, and guidance.

  • Cybersecurity Engineer -Business Consultants.

  • Partners, communicates and consults with business and key stakeholders to relay technical security concepts in a clear and concise manner.

  • Deliver timely and high quality work products to meet client’s expectations.

  • Defines, analyzes, evaluates, and aids in the implementation of security solutions to meet business needs.

  • Reviews, monitors, recommends and reports enhancement opportunities to meet bank and industry policies, standards, and guidance.

Equal Employment Opportunity Policy

Bank of the West is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. Bank of the West is also an Affirmative Action employer - Minority / Female / Disabled / Veteran.

Bank of the West will consider for employment qualified applicants with criminal histories pursuant to the San Francisco Fair Chance Ordinance subject to the requirements of all state and federal laws and regulations.

Job: Security

Location: United States-Nebraska-Omaha

Requisition ID: 060951