Bank of America
Data Protection Threat Detection Lead
Bank of America, Charlotte, North Carolina, United States, 28245
Job Description
We are seeking a Data Protection Detection Lead to drive the development, refinement, and oversight of detection logic and content across the Data Monitoring and Protection organization, which includes detection coverage across DLP channels aligned to data exfiltration risks. This is a senior-level, hands-on role responsible for ensuring detection strategies are mapped to enterprise cyber risk, improving signal fidelity, and supporting operational effectiveness across monitored environments.
Key Responsibilities
Develop and maintain security detection use cases across DLP channels (e.g., endpoint, cloud, network).
Drive tuning and refinement of detection logic to improve fidelity and reduce false positives.
Leverage knowledge of proxy architectures and internet connectivity patterns to optimize detection logic, ensure visibility and address evasion techniques.
Partner with control owners (e.g., DLP, Email, Endpoint) to ensure detection alignment with business risk and policy coverage.
Design and document automation playbooks to support consistent detection response workflows, ensuring they can be operationalized by the appropriate teams.
Consult with policy and control owners on new projects and proposed changes to ensure detection coverage remains effective and aligned to data protection requirements.
Review proposed control changes and new technology integrations to validate they meet detection and monitoring requirements.
Map detection logic to threat models, including MITRE ATT&CK, and continuously evaluate coverage gaps.
Collaborate with Response Managers, Threat Intelligence, and Engineering to validate and optimize alerting logic.
Translate validated adversary behaviors from hunt exercises, threat intelligence, and incident trends into refined detection use cases and tuning strategies.
Perform targeted detection-focused hunts within DLP channels to validate coverage and identify gaps.
Review detection health and signal integrity, and lead quality assurance of rule performance.
Create and maintain runbooks and detection documentation to support SOC operations and audit requirements.
Provide technical oversight and mentorship to analysts and detection stakeholders across regions.
Collaborate with audit and risk teams to demonstrate detection control effectiveness and alignment to regulatory expectations.
Core Competencies
Strong analytical skills with the ability to identify detection gaps and operational inefficiencies.
Excellent communication and documentation skills; able to translate technical content for various audiences.
Proactive, collaborative, and capable of working across global teams.
Adept at managing competing priorities and leading through influence.
Required Qualifications
7+ years of experience in cybersecurity roles with a focus on detection, security operations, or threat response.
Deep knowledge of SIEM platforms, EDR, DLP, UEBA, and cloud telemetry (e.g., Splunk, CrowdStrike, Symantec, Microsoft Purview, Sentinel, Wiz).
Experience collaborating with threat hunting or conducting targeted hunts to identify detection gaps and inform use case development.
Familiarity with structured detection logic (EDM, Regex, YARA, Sigma) and signal tuning principles.
Strong understanding of MITRE ATT&CK and threat-informed defense frameworks.
Experience in regulated industries (e.g., financial services) preferred.
Skills
Cyber Security
Data Privacy and Protection
Problem Solving
Process Management
Threat Analysis
Business Acumen
Data and Trend Analysis
Interpret Relevant Laws, Rules, and Regulations
Risk Analytics
Stakeholder Management
Access and Identity Management
Data Governance
Encryption
Information Systems Management
Technology System Assessment
Shift: 1st shift (United States of America)
Hours Per Week: 40
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Banking