Security Engineer III

Our team excels in risk assessment by leveraging extensive industry knowledge, analytical skills, and a systematic approach to identify and mitigate risks. We ensure effective risk management tailored to BOKF's needs through comprehensive evaluations, continuous monitoring, and interdepartmental collaboration. By reviewing operations, providing feedback on best practices, and identifying opportunities to enhance controls, we help BOKF achieve its objectives and improve overall risk management.

As a Cyber Security Engineer III, you will lead the implementation of advanced security systems, conduct in-depth threat analysis and vulnerability assessments, and develop custom security configurations and rules. Your role involves overseeing incident response efforts, providing expert guidance, and mentoring junior engineers and analysts. You will stay updated on emerging security threats and technologies, lead projects with minimal oversight, and develop advanced intrusion detection/prevention systems. Additionally, you will conduct forensic and root cause analyses of security incidents, collaborate with security risk management, legal and compliance teams as necessary to ensure regulatory obligations are met. As well as author complex code for custom security solutions. Advanced analysis of security data and logs, and the application of advanced risk management principles in strategic decision-making are key competencies.

Our team is centered on vigilance, analytical thinking, and collaboration. Team members work together to identify, assess, and mitigate risks, creating an environment where growth and skill enhancement are highly valued. This proactive and cooperative approach ensures the bank's stability and resilience in a dynamic financial landscape.

• You will lead the implementation of advanced security architectures and custom security policies.
• You will conduct in-depth threat analysis, vulnerability assessments, and forensic analysis of security incidents.
• You will oversee incident response efforts and provide expert guidance.
• You will mentor and train junior engineers and analysts.
• You will stay updated on emerging security threats and technologies.
• You will collaborate with legal and compliance teams to ensure regulatory compliance.
• You will lead projects and deliver with minimal oversight, applying advanced risk management principles.

The level of knowledge is normally acquired through completion of a Bachelor's Degree in Information Security, Computer Science, or a related field of study and 5+ years' experience in Cyber Security or a related technical field, or 7+ years of Cyber Security experience or an equivalent combination of education and experience.

Preferred Master's degree, CISSP, or equivalent experience/certifications.

• Advanced demonstrated ability to configure and optimize security tools such as firewalls, IDS/IPS, and SIEM systems, ensuring peak performance and tailored security measures.
• Solid understanding of threat intelligence, with experience in identifying and mitigating known attack vectors through proactive threat hunting and analysis.
• Proficiency in responding to security incidents, including the ability to conduct initial triage, contain threats, and perform root cause analysis using forensic tools.
• Capable of leading small security-focused projects, managing timelines, resources, and cross-functional teams.
• Strong analytical and problem-solving skills, with the ability to approach challenges methodically and develop effective solutions under pressure.
• Advanced scripting skills in languages like Python, Bash, or PowerShell to automate repetitive tasks, improve security monitoring, and streamline incident response processes.
• Proficiency in securing cloud environments (AWS, Azure, GCP), including experience with cloud-native security tools and best practices for hybrid environments.
• Strong understanding of encryption technologies, including SSL/TLS, VPNs, and data encryption standards, with the ability to implement and manage these technologies effectively.
• Ability to translate complex technical concepts into clear, concise information for non-technical stakeholders, facilitating better understanding and decision-making.
• Experience in performing data analysis for security using tools like Excel, Splunk, or Elasticsearch to develop security metrics and support data-driven decision-making.
• In-depth understanding of risk management principles, with experience in assessing vulnerabilities and recommending mitigation strategies to reduce risk to acceptable levels.