Cyber Security Research & Analysis Specialist (SQL / Python required)

Bank of America•Washington, DC

2d•Onsite

About The Position

The Cyber Security Assurance, Attack Surface Research and Analysis team delivers hands on asset research on the Bank’s network (attack surface) to identify, measure, and interpret the Bank’s technology exposure and vulnerability exploitability. This role is responsible for high quality queries, datasets, and visualizations that leverage enterprise platforms and security data sources. The successful candidate will investigate infrastructure and vulnerability asset data to determine vulnerability risk for both technical and non‑technical audiences. The successful candidate will be highly collaborative, analytical, detail oriented, ensuring insights are accurate and delivered on time. Work as part of a team developing methods to quickly reference systems of record (SOR’s), systems of origin (SOO’s) and other available data stores for a comprehensive reliable and timely view of the Bank’s attack surface and vulnerability exploitability potential, with the goal of enabling answers to the following three questions as quickly as possible. Do we have it? Are we vulnerable? Is it exploitable?

Requirements

Experience with SQL Server Integration Services (SSIS), including: DevOps integration, C# script tasks, Packaging, deployment, and conditional workflows
Python development experience used for automation, data processing, and integration (not statistical or ML modeling)
SQL database and Python development experience used for automation, data processing, and integration (not statistical or ML modeling)
Strong experience with SQL Server development, including: Indexes, constraints, table switching, Transaction management, error handling, and activity logging
Strong analytical, problem‑solving, and conceptual thinking skills
Self‑motivated, detail‑oriented, and able to manage work independently
Strong verbal and written communication skills, with the ability to clearly explain technical findings in meetings and documentation
Hands‑on experience with data ingestion and ETL pipelines (batch and near‑real‑time)
Experience with SSRS, including subscriptions, report management, Tablix, matrix, and cascading parameters
Basic Understanding of networked infrastructure, including: Servers, switches, load balancers, and related components, basic network segmentation and exposure concepts
Excellent research skills with the ability to: Identify relevant data sources related to enterprise technologies, understand how systems operate and are used across the firm, persistently investigate and validate findings

Responsibilities

Create SQL and python scripts within Qualys, Tanium and BladeLogic to query datasets, to support attack surface visibility and vulnerability analysis
Perform hands on analysis of large scale datasets to correlate to security and vulnerabilities
Use Python and SQL to automate data ingestion, transformation, enrichment, and quality validation (ETL)
Develop and maintain visualizations and reports in Power BI or MS-Reporting Services (SSRS)
MS-Integration Services (SSIS) that support operational teams, cyber leadership, and risk stakeholders
Understand the Bank’s Data network and architecture to work in a team to answer: Do we have it? Are we vulnerable? Is it exploitable?
Clearly communicate findings through written analysis and live discussions, including executive‑level summaries.