Senior Security Engineer

Location: US-CA-San Marino | US-TX-Dallas
Job ID: 2025-12368
Category: Information Technology
Position Type: Full-Time

Introduction

Since 1973, East West Bank has served as a pathway to success. With over 110 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multicultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities. Our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates’ potential for career advancement.

Headquartered in California, East West Bank (Nasdaq: EWBC) is a top-performing commercial bank with a strong foundation, an enterprising spirit and a commitment to absolute integrity. East West Bank gives people the confidence to reach further.

Overview

The Senior Security Engineer will be a member of the Infosec Operations/SOC team, whose primary mission is incident detection and response. They will participate in establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. As an East West Bank employee, the Senior Information Security Engineer will be part of a growing and stable organization that provides career path development opportunities while serving a growing and profitable market. The Senior Security Engineer will report to the Infosec Operations manager and work with senior members of the team to enhance and mature the security operations program.

Responsibilities

  • Develop strategies, plans, and processes to achieve security requirements and address identified risks.
  • Perform threat hunting and threat modeling to identify, report, and remediate risks, and assist in providing leadership with an overview of relevant risks and threats.
  • Assist with and perform security and penetration testing efforts including coordinating, testing, reporting, and remediation of findings.
  • Lead improvements in alerting rules and strategy to detect incidents, including creating new alerts and tuning.
  • Assist in management and improvement of information security controls, tools, and systems, including EDR, DLP, NDR, and email security.
  • Assist in the development of information security architecture, policies, principles and standards.
  • Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
  • Perform alert investigation and incident response activities in an on-call rotation, and as required, to meet SLAs.
  • Assist in monitoring and response to malicious emails and participate in developing social engineering exercises.
  • Assist in vulnerability management remediation and exception efforts including analyzing findings from network scanners and application security tools.

Qualifications

  • Experience with information security alert investigation and incident response.
  • Experience on a SOC team.
  • Familiar with IT/Information Security risk assessment methods and technologies.
  • Experience with using and configuring information security tools such as EDR, DLP, Email Security, Phishing Simulation, SIEM, GPO, Vulnerability Scanners, WAF, Mobile Security, CSPM.
  • Experience with Vulnerability Management and network scanners.
  • Experience with and expertise in at least one of the following areas: Operating System/Endpoint Security, Network Security, Cloud Security, Application Security, Mobile Security, Data Loss Prevention, Security Testing, Threat Hunting, Threat Modeling.
  • Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.
  • Understanding of core internet protocols (e.g., TCP/IP, DNS, SMTP, HTTP).
  • Experience with Linux security configurations and investigations.

Additional Qualifications

  • Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
  • Analytical and problem-solving mindset.
  • Highly organized and efficient.
  • Courage, tenacity, and humility.
  • Ability to interact with personnel at all levels and across all business units/organizations, and to understand business imperatives.

Education Requirements

  • Preferred, but not required: A bachelor’s degree in an engineering-related field.

Experience Requirements

  • 5+ years of information security experience.

Certification Requirements

  • Preferred, but not required: CISSP, GIAC, CEH.

Compensation

The base pay range for this position is USD $130,000.00/Yr. - USD $165,000.00/Yr. Exact offers will be determined based on job-related knowledge, skills, experience, and location.
