Engineer I - Cyber, Third Party Risk Engineer

Western Alliance Bank•Columbus, OH

1d•Onsite

About The Position

As a Third‑Party Cyber Engineer I - Cyber you'll be responsible for reviews of vendor environments, AI‑enabled capabilities, automated assessment outputs, and cloud architectures. The role supports Western Alliance Bank’s Third‑Party Cyber Risk program by identifying material risks, validating security controls, and ensuring alignment with regulatory standards, internal cyber requirements, and enterprise AI governance patterns. Success in this role requires strong analytical skills, familiarity with security frameworks, experience assessing third‑party cyber risk, and the ability to clearly communicate complex technical issues while collaborating across cyber, risk, and business teams. This position is designated as in‑office and is not eligible for remote work.

Requirements

2+ years of experience in cybersecurity, vendor risk management, or security engineering, preferably within a regulated industry.
Bachelor's degree in related field required.
Entry level knowledge of general Financial Services or Banking is preferred.
Entry level to intermediate understanding of Python, PowerShell, Firewall, Proxies, SSL/TLS, Secure Mail Gateways, Application Firewalls, NAC, Vulnerability Scanners, EDR, SIEM and Bash.
Solid understanding of authentication protocols SAML, SSO, SOAR and LDAP.
Entry level to intermediate knowledge of major security frameworks (ISO 27001/27002, NIST CSF, NIST SP 800‑53, SOC reports, SIG/SCA).
Experience reviewing SOC audits, automated assessment outputs, and technical risk evidence.
Entry level to intermediate knowledge of NIST, MITRE and Administration of either or all of an IT Automation platform, SOAR, Firewall, IAM platform, SIEM, cloud cyber defense platform etc.
Intermediate written and verbal communication skills, with the ability to work independently and collaborate effectively across teams.

Responsibilities

Perform cybersecurity assessments of third‑party vendors, focusing on common security domains, including cloud security, IAM, application security, data protection, network security, DevSecOps, and incident response.
Analyze automated assessment results, SOC reports, policies, procedures, penetration tests, and AI‑related documentation to validate evidence accuracy and completeness.
Identify, document, and assess cyber control gaps in third-party environments; request clarification or supplemental evidence where needed; and record planned remediation plans.
Track remediation progress, escalate unresolved issues, and support incident response activities involving third‑party providers.
Produce high-quality cyber risk findings, summaries, and executive reporting.
Partner with Subject Matter Experts (SMEs) to develop accurate, timely responses to due-diligence inquiries from credit rating agencies, customers, and prospective clients, ensuring communication reflects WAB’s security posture and program maturity.
Respond to incoming cyber due diligence requests from credit rating agencies, prospective and current bank clients.
Where possible, identify and support opportunities to enhance program maturity through the use of automation, AI, reporting, and other capabilities.
Support incident response efforts when third-parties are involved.

Benefits

competitive salaries
an ownership stake in the company
medical and dental insurance
time off
a great 401k matching program
tuition assistance program
an employee volunteer program
a wellness program
opportunity to bolster business knowledge
learning the ins and outs of how successful companies operate and manage their finances
invaluable hands-on experience to help grow your career