Cybersecurity Analyst - Penetration Testing

Zions Bancorporation is one of the nation's premier financial services companies, consisting of a collection of great banks with combined total assets exceeding $70 billion. Zions operates banking divisions under local management teams and community identities in 11 states. Zions is included in the S&P 500 and NASDAQ Financial 100 indices. We are currently seeking a Cybersecurity Analyst - Penetration Tester to join our team. The Cybersecurity Analyst will perform security tests on networks, web-based applications, and computer systems. Design tests and tools to try to break into security-protected applications and networks to probe for vulnerabilities. This person will play a key role in keeping our employees and customers data safe and secure. Th Cybersecurity Analyst will be:

• Maintaining knowledge of the latest tactics, techniques and procedures for pen testing and support in the evaluation of new penetration testing tools.
• Testing methods to pinpoint ways that attackers could exploit weaknesses in security systems.
• Partnering with the internal cyber vulnerability management team on vulnerability identification and analysis.
• Assisting in Red Team exercises and partnering with the Cyber Security Operation Center.
• Conducting network and system security tests, which evaluate how well an organization's system conforms to a set of established criteria.
• Responsible to make suggestions on security policy improvements and work to enhance methodology material.
• Conducting thorough research and testing.
• Documenting and presenting findings along with writing security reports and discussing solutions with internal teams.
• Keeping up to date on security software packages and learning new security protocols and computer technologies that could be exploited.
• Other duties as assigned

• Must have 3+ years of penetration testing experience
• Must have experience utilizing Burp Suite or ZAP (Zed Attack Proxy)
• Hands on experience with programming languages such as Ruby or Python
• Experience with security assessment tools (Aircrack-ng, SQLmap, or Nessus)
• Experience with some security frameworks (NIST, SOX, HIPAA, or ISO)
• Background with knowledge of operating systems (Linux, Unix, or Windows)
• Solid understanding of networking and system administration.
• Understand cryptography, reverse engineering, web applications, databases, and wireless technologies.
• Excellent problem-solving skills to determine the most effective way to correct issues that arise
• Ability to review data and analyze the processes needed to correct security issues
• Working knowledge of regulatory guidelines and standards, compliance standards and policies, audit techniques, regulatory issues, operations, and procedures as they relate to the organization is preferred
• Certified Ethical Hacker (CE|H) or equivalent is a plus.
• Requires a Bachelor's in Computer Science, Information Systems or a related field and 4+ yrs IT and Information Security, Vulnerability Management and/or Threat Intelligence work experience with a broad exposure to systems analysis, networks, operating systems, web applications, development, database design and administration or other directly related experience.
• A combination of education and experience may meet qualifications.