Data Protection Threat Detection Lead

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Job Description:

We are seeking a Data Protection Detection Lead to drive the development, refinement, and oversight of detection logic and content across the Data Monitoring and Protection organization, which includes detection coverage across DLP channels aligned to data exfiltration risks. This is a senior-level, hands-on role responsible for ensuring detection strategies are mapped to enterprise cyber risk, improving signal fidelity, and supporting operational effectiveness across monitored environments.

The ideal candidate brings deep experience in Security Operations, targeted hunt and threat behavior analysis, strong analytical skills, and a practical understanding of how to translate complex threat scenarios into actionable detection content. This role partners closely with control owners, engineering teams, and threat intelligence functions to ensure detection capabilities remain current and effective.

• Develop and maintain security detection use cases across DLP channels (e.g., endpoint, cloud, network).
• Drive tuning and refinement of detection logic to improve fidelity and reduce false positives.
• Leverage knowledge of proxy architectures and internet connectivity patterns to optimize detection logic, ensure visibility and address evasion techniques.
• Partner with control owners (e.g., DLP, Email, Endpoint) to ensure detection alignment with business risk and policy coverage.
• Design and document automation playbooks to support consistent detection response workflows, ensuring they can be operationalized by the appropriate teams.
• Consult with policy and control owners on new projects and proposed changes to ensure detection coverage remains effective and aligned to data protection requirements.
• Review proposed control changes and new technology integrations to validate they meet detection and monitoring requirements.
• Map detection logic to threat models, including MITRE ATT&CK, and continuously evaluate coverage gaps.
• Collaborate with Response Managers, Threat Intelligence, and Engineering to validate and optimize alerting logic.
• Translate validated adversary behaviors from hunt exercises, threat intelligence, and incident trends into refined detection use cases and tuning strategies.
• Perform targeted detection-focused hunts within DLP channels to validate coverage and identify gaps.
• Review detection health and signal integrity, and lead quality assurance of rule performance.
• Create and maintain runbooks and detection documentation to support SOC operations and audit requirements.
• Provide technical oversight and mentorship to analysts and detection stakeholders across regions.
• Collaborate with audit and risk teams to demonstrate detection control effectiveness and alignment to regulatory expectations.

• Strong analytical skills with the ability to identify detection gaps and operational inefficiencies.
• Excellent communication and documentation skills; able to translate technical content for various audiences.
• Proactive, collaborative, and capable of working across global teams.
• Adept at managing competing priorities and leading through influence.

• 7+ years of experience in cybersecurity roles with a focus on detection, security operations, or threat response.
• Deep knowledge of SIEM platforms, EDR, DLP, UEBA, and cloud telemetry (e.g., Splunk, CrowdStrike, Symantec, Microsoft Purview, Sentinel, Wiz).
• Experience collaborating with threat hunting or conducting targeted hunts to identify detection gaps and inform use case development
• Familiarity with structured detection logic (EDM, Regex, YARA, Sigma) and signal tuning principles.
• Strong understanding of MITRE ATT&CK and threat-informed defense frameworks.
• Experience in regulated industries (e.g., financial services) preferred.

• Cyber Security
• Data Privacy and Protection
• Problem Solving
• Process Management
• Threat Analysis
• Business Acumen
• Data and Trend Analysis
• Interpret Relevant Laws, Rules, and Regulations
• Risk Analytics
• Stakeholder Management
• Access and Identity Management
• Data Governance
• Encryption
• Information Systems Management
• Technology System Assessment