Staff Engineer II - Cyber

Job Title:

Staff Engineer II - Cyber

Location:

CityScape

What You'Ll Do:

As a Staff Engineer II - Cyber you'll work both independently and as part of a cohesive team to manage and provide ownership of innovative threat detection, security audit, and logging solutions. You'll take the lead to communicate, collaborate and justify cyber recommendations to a broad base of stakeholders throughout the IT, Cyber and Audit department. Western Alliance Bank’s Insider Risk Program is a strategic initiative within the Security Risk & Compliance function, supporting the bank’s growth into a Large Financial Institution. It focuses on identifying, preventing, and mitigating risks to the bank and its customers that may arise from inadvertent or intentional actions by employees, contractors, or third parties.

As the Insider Risk Staff Engineer II, you’ll be a key member of a multidisciplinary team that partners closely with Data Security, the Security Monitoring Center, Privacy, Legal, and HR, among others. You'll manage the full stack (front end and back end) of applications utilized to help Western Alliance Bank prevent, detect and respond to insider risk events of interest. You'll own the review and development of new processes and technologies to enhance the program’s ongoing maturity. Additionally, you'll lead the continuous review and improvement of the defense, auditing, access standards, tactics, and techniques to meet regulatory guidelines as well as owning the resiliency of insider risk applications and platforms via routine disaster recovery exercises. You'll partner with vendors routinely to optimize insider risk products, as well as ensure costs/licenses do not exceed expectations, while maintaining capacity planning to ensure quality and value delivery of insider risk program objectives.

• Proactively identify and fix issues to improve backend service scalability, resiliency, and fault tolerance. Respond to insider risk events of interest in a timely manner alongside team members and key stakeholders. Respond to audit inquiries and ensure processes and procedures are within regulatory guidelines.
• Foster the highest level of engineering practices and follow relevant company procedures, in addition to being held accountable for relevant documentation.
• Design and implement advanced detection logic to surface subtle behavioral anomalies indicative of insider risk across diverse data sources.
• Continuously refine and tune Insider Risk policies to reduce false positives and improve signal-to-noise ratio in alerting workflows.
• Engineer scalable data pipelines to ingest, normalize, and correlate identity, access, and activity data for risk modeling.
• Collaborate with security monitoring, threat intelligence and modeling teams to incorporate contextual enrichment and behavioral baselines into Insider Risk analytics.
• Prototype and evaluate emerging technologies (e.g., ML models, graph analytics) to enhance Insider Risk detection capabilities.
• Revisit Insider Risk tooling architecture design routinely with vendor and peers to either or all: minimize cost, optimize performance, scale, and meet new requirements.

What You'Ll Need:

• 6+ years of related experience in IT--Security, IT--App Support, IT--Development or similar field.
• Bachelor's degree in related field required.
• Previous leadership experience preferred.
• Advanced knowledge of general Financial Services or Banking is preferred.
• Advanced to expert experience with and knowledge of Linux, Python, PowerShell, SIEM and Bash. Solid understanding of authentication protocols SAML, SSO, and LDAP. Solid understanding of concepts regarding SIEM, SOAR, Firewall, Proxies, SSL/TLS, Secure Mail Gateways, Application Firewalls, NAC, Vulnerability Scanners, and EDR.
• Advanced experience with logging infrastructure concepts: syslog; log parsing; log de-duping; methods for log pulling; RFC 5424; CEF Format; JSON; key value pair format; log enrichment; log maintenance; log troubleshooting.
• Solid understanding of load balancers, DNS, SMTP, etc. for troubleshooting application functionality.
• Advanced experience of NIST, MITRE and Administration of either or all of an IT Automation platform, SOAR, Firewall, IAM platform, SIEM, cloud cyber defense platform etc.
• Hands-on experience deploying and operating a User & Entity Behavioral Analytics (UEBA) platform in a mid-large sized corporation, preferably in Financial Services.
• Expertise building Application Program Interfaces (APIs) from source systems of record to bring technical and non-technical indicators into the UEBA.
• Intermediate - Advanced ability to query and extract data from security monitoring systems (e.g., SIEM, EDR, NDR, etc.) for performing Insider Risk analysis.
• Experience correlating UEBA signals with identity, access, and data movement logs to detect anomalous behavior.
• Familiarity with government and industry best practice frameworks for managing Insider Risk (e.g., Carnegie Mellon, SIFMA, MITRE, NIST, etc.).
• Ability to translate behavioral indicators into risk scoring models and escalation thresholds.
• Experience working cross-functionally with Legal, HR, and Compliance teams to investigate and respond to Insider Risk cases.
• Advanced speaking and writing communication skills.

Benefits you’ll love:
We offer all the important things you'd want — like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program, and a wellness program. In addition, you’ll have the opportunity to bolster your business knowledge, learning the ins and outs of how successful companies operate and manage their finances, giving you invaluable hands-on experience to help grow your career!

About The Company:

Western Alliance Bank is a wholly owned subsidiary of Western Alliance Bancorporation. Alliance Bank of Arizona, Alliance Association Bank, Bank of Nevada, Bridge Bank, First Independent Bank, and Torrey Pines Bank are divisions of Western Alliance Bank; Member FDIC.  AmeriHome Mortgage is a Western Alliance Bank company.

Western Alliance Bancorporation is committed to equal employment and will consider all qualified applicants without regard to race, sex, color, religion, age, nation origin, marital status, disability, protected veteran status, sexual orientation, gender identity or genetic information. Western Alliance Bancorporation is committed to working with and providing reasonable accommodations for individuals with disabilities. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process and/or need an alternative method of applying, please email HR@westernalliancebank.com or call 602-386-2488.  When contacting us, please provide your contact information and state the nature of your accessibility issue.  We will only respond to inquiries concerning requests that involve a reasonable accommodation in the application process.

© Western Alliance Bancorporation