For more than 40 years, East West Bank has served as a pathway to success. With over 130 locations across the U.S. and Greater China, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities. And our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, high-tech and aviation help build sustainable businesses and expand our employees’ potential for career advancement.
Headquartered in California, East West Bank (Nasdaq: EWBC) is a top performing commercial bank with an exclusive focus on the U.S. and Greater China markets. With assets of $37.7 billion, we’re ranked among the 30 largest banks in the United States and currently top 5 in “America’s 100 Best Banks” by Forbes, a list where we've consistently been in the top 15 since 2010. With a strong foundation, an enterprising spirit and a commitment to absolute integrity, East West Bank gives people the confidence to reach further.
We are currently seeking a Senior Security Engineer. This position will participate in establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected. As an East West Bank employee, you will be part of a growing and stable organization that provides career path development opportunities while serving a growing and profitable market. As a valuable East West Bank team member, your duties (not limited to) will include:
- Under the direction of the Information Security-Team Lead, develop strategies and plans to achieve security requirements and address identified risks.
- Assist in the development of security architecture and security policies, principles and standards.
- Gather, analyze and assess the current and future threat landscape, and assist in providing leadership with a realistic overview of risks and threats in the enterprise environment.
- Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
- Perform security testing and vulnerability assessments to identify security strengths and weaknesses, to assess the effective ness of existing controls, and to recommend remedial action.
- Perform incident management and response activities as a member of the bank’s incident management team. As required, assist in triage, response and mitigation, post mortem analyses, and forensic analyses.
- Review audit trails, system logs and other monitoring data sources regularly and ensure they are in compliance with policies and audit requirements.
- 7-10 years of IT and network security experience
- In - depth knowledge of risk assessment methods and technologies
- Proficient use of various tools and techniques, including risk, business impact, control and vulnerability assessments, used to identify business needs and determine control requirements.
- Excellent technical knowledge of Microsoft Windows operating systems and a wide range of security technologies, such as network security appliances, identity and access management systems, anti- malware solutions , automated policy compliance, logging and filtering tools , and desktop security solutions.
- Know ledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.
- Experience in system and application technology security testing, including static and dynamic code review, vulnerability scanning and penetration testing.
- Experience with IDS/IPS/SIEM and related security tools and technologies, such as Nitro / McAfee SIEM and SecurityOnion.
- Familiarity with router and firewall operations and maintenance.
- Ability to interact with personnel at all levels and across all business units / organizations, and to understand business imperatives.
- Strong knowledge in of all core internet protocols (e.g., TCP/IP, DNS, SMTP, HTTP, etc.)
- Experience working with security tools such as SIEM, vulnerability scanning, laptop data encryption, endpoint data protection, and application pen testing
- An undergraduate degree is required, preferably engineering related.
- Technical certifications are a plus but not necessary, 7-10 years of IT or network security experience with a passion in Info Sec.