• Responsible for responding to information security incidents by investigating the method, scope, and implications of the incident
• Information security incidents include, but are not limited to: suspected data breaches; suspected cases of fraud; waste and abuse using Bank of the West information systems; and unauthorized system access. Responsible for deploying investigative tools throughout the enterprise to support the investigative mission. Coordinate as necessary with information technology groups to deploy and maintain tools to support investigations Develop the resources to quickly access logs and other data in order to perform investigations in a timely manner
• Responsible to make decisions about how to prove or disprove a given information security incident, including deciding when all available channels for evidence gathering are exhausted
• Utilize support from other employees to obtain evidence, conduct interviews, and deploy monitoring tools
• Subject to oversight, the Engineer will conduct monitoring of the use of information systems at Bank of the West to include messaging systems
• Significant contribution to the internal governance of Bank of the West and indirectly to the reputation of the company
• Engineer may task and deploy temporary staff and/or contractors on a project basis
• Responsibilities: • Survey the IT environment and identify existing event logging; explore opportunities for improving them • Connect with IT personnel to develop the ability to quickly obtain access to critical IT infrastructure in the event of an incident; Obtain autonomous access to event logs and devices as appropriate • Coordinate resources and drive the implementation of investigation and monitoring tools throughout the enterprise • Conduct examinations of logs, hard drives, network traffic, and other data to support targeted investigations • Communicate the results of investigations in both written and verbal reports • Conduct targeted IT environment activity monitoring as directed • Participate in the evaluation, planning, and implementation of information security controls • Receive incident reports and document incidents according to procedure • Travel as necessary in support of these job functions • Support these functions by working extended and/or late hours when timely response is critical Skills: • Excellent written and verbal communications skills; including the ability to communicate important findings of an investigation to a non-technical audience • Ability to prioritize and re-prioritize tasks in a rapidly changing environment • Ability to conduct investigations and/or audits and document the results of the investigation to support a formal report or court proceeding • Ability to work independently, complete required tasks with minimum supervision • Ability to maintain and improve skills through both structured training and independent research • Skilled experience with a number of programming languages, such as C, C++, Perl, and Python • Skilled experience with major operating systems, such as Windows, UNIX, Linux OS including Administration and Security • An in-depth understanding of networking protocols, computer hardware configurations; and networking devices • Hands-on experience conducting investigations with forensic imaging tools such as EnCase and/or ProDiscover • Hands-on experience with network traffic investigation tools such as Layer 2 sniffers, log aggregation/correlation tools, and intrusion detection systems Experience: • Experience conducting audits and investigations is a plus • At least 7 years experience with significant job responsibilities tied to networking and information system environments • Substantial experience working with Information Security is desired • Experience as a criminal investigator is valued Education: • Bachelor’s Degree or equivalent work experience Certifications: • Certification with one or more computer or network monitoring or investigation tools such as Encase and ProDisover are highly desirable • Security certifications such as CISA, CISSP are desirable

Links: