Vice President Cloud Security Lead Devops Engineer jobs at Bank Of America in Australia, Sydney

Job Description:

Job Description:

The Senior Network Security Engineer has accountability for researching, designing, engineering, implementing, and supporting network security solutions. You will utilize in-depth technical knowledge and business requirements to help design and implement a secure solution.

It is imperative that you have a solid knowledge of Cisco ISE, advanced router/switch ability, 802.11, and 3rd party security controls.

You will regularly collaborate with experts both in country and in other regions, so excellent communication skills are very important. If you are seeking a demanding role within Global Information Security (GIS) and have the required skills, this will be a great opportunity for you. Typically, applicants should have 10+ years of cybersecurity or engineering experience.

Top 3 Job Qualifications:

• Firewall Engineering Experience.
• Splunk 'Search' Module Code Development Experience.
• Network Traffic Analysis Experience.

Required Qualifications:

• Minimum of 10 years of experience in security or engineering discipline.
• Solid experience with designing and deploying security solutions for Network Access Control as well as experience with Firewalls, IDS/IPS, WAF, Proxies, DLP, DDoS, and Malware inspections solutions.
• Demonstrate expertise with Cisco ISE and IEEE 802.1x.
• Experience with Cisco ISE and HPE/Aruba, as well as other with other third-party network security controls such as Bluecoat, FortiGate, Checkpoint, Juniper, F5 ASM, Cisco, or FireEye.
• Solid experience configuring, deploying, installing, and troubleshooting Cisco routers, switches, and components in a medium to large business.
• Cisco ACS RADIUS and TACACS experience.
• Knowledge Private Key Infrastructure (PKI) / Certificate Authority.
• Ability to quickly diagnose the problem areas and come up with solutions and/or workarounds.
• Ability to understand the requirements and analyze the technical feasibility and design against the requirements.
• Able to work effectively with remote locations including onsite/offshore stakeholder streams.
• Knowledge and experience architecting complex enterprise cybersecurity solutions.
• Experience coordinating delivery of project/changes milestones, ensures projects stay on target, escalating and identifying roadblocks.
• Firewall Lockdown experience required.
• Splunk Code development experience.
• Fortinet Firewall Policy Architecture & Engineering knowledge.

Desired Qualifications:

• Ability to work independently, creative thinker/solver.
• Strong communication skills – meaning professional demeanor in all situations and sensitivity to other cultures by adjusting communication styles - preferably experience in working in global industry.
• Be detail oriented and thorough in all aspects of work.
• Demonstrate strong leadership skills to command the attention of your audience and motivate others to work together towards the common goal.
• Bank of America engineering and architecture processes familiarity (desired).

Job Description:

Job Description:

As a Senior Cloud Operations Specialist, you will play a pivotal role in our organization’s growth and evolution. You will be responsible for modernizing our existing and future cloud operations workflows to simplify, optimize and ensure consistency in quality and urgency of investigations within our organization and a well-defined decision matrix for escalations to our partner organizations. You will also collaborate with partner teams to continually identify opportunities to reduce event volume, to increase event fidelity, and to engineer detections for new threats and risks.

Additionally, you will support development and maintenance of innovate training programs to quickly upskill existing cybersecurity operations professionals to operate in an Azure cloud operations environment as well as to be a representative for the organization on cloud related operations in any audit or regulatory examinations.

Key Responsibilities:

• Investigate security events and incidents within cloud environments, utilizing advanced tools and techniques to identify threats and vulnerabilities.

• Design and implement comprehensive workflows for handling security events, ensuring timely and effective response procedures.

• Collaborate with cross-functional teams to develop and refine security policies, procedures, and best practices tailored to Azure cloud security operations.

• Provide guidance and mentorship to junior team members, fostering their professional development and enhancing overall team capabilities.

• Stay abreast of emerging threats, vulnerabilities, and industry trends, continually updating skills and knowledge to maintain expertise in cloud security.

Qualifications:

• Extensive experience (7+ years) in cybersecurity operations, with experience onmulti-cloud (AWS, Azure and Google) environments.

• Proven expertise in investigating security events and incidents within cloud environments, demonstrating strong analytical and problem-solving skills.

• Solid understanding of regulatory compliance requirements, particularly in highly regulated industries (e.g., healthcare, finance, government).

• Experience in designing and implementing workflows for security event investigation and response.

• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and mentor junior team members.

• Ability to thrive in a fast-paced environment, managing multiple priorities and deadlines effectively.

Required Skills:

• Understanding ofmulti-cloud (AWS, Azure and Google) environmentsand its associated technologies, both from Security and Cloud Ops perspective.

• 8+ years relevant Cyber Security experience with at least five (5) years in Cloud SOC and/or Purple Team roles.

• Experience designing and implementing technical solutions to enhance visibility, alerting capabilities, and reduce risk within Cloud IaaS, PaaS, and M365 environments.

• Experience reviewing applications, infrastructure, and architectural designs to identify threats and vulnerabilities.

• Experience with a range of Azure native services and tools.

• Experience writing and modifying Analytic Rules.

• Experience designing and implementing SOAR capabilities within Azure.

• Deep understanding of Cyber Security control environments and their relationship to zero-trust networks.

• Understanding of Terraform.

• Understanding of threat frameworks, such as MITRE ATT&CK for Cloud and D3FEND.

• Understanding of Risk Management principles.

• Experience in building, configuring, operating and/or securing cloud infrastructure and applications with either native cloud service provider capabilities or 3rd party vendor tools.

• Proven ability to leverage Cloud native capabilities to build custom reports and dashboards.

• Ability to independently assess risks and identify vulnerabilities in infrastructure with an eagerness to suggest new processes, policies, and overall improvements to internal security controls.

• Ability to perform root cause analyses.

• Experience partnering with incident response teams, threat intelligence researchers, Red/Purple teams, and/or HUNT researchers.

• Ability to support 24x7x365 global support through rotational on-call.

• Highly organized and motivated self-starter who can deliver results with minimal direction.

• Ability to navigate and collaborate effectively within a geographically complex and dispersed global corporation.

• Excellent verbal and written communication skills with ability to distill key data points and effectively present information.

Preferable Certifications:

• AZ-500: Azure Security Engineer Associate

• CISSP

Job Description:

Job Description:

The Network Security Engineer has accountability for researching, designing, engineering, implementing, and supporting network security solutions. You will utilize in-depth technical knowledge and business requirements to help design and implement a secure solution.

It is imperative that you have a solid knowledge of Cisco ISE, advanced router/switch ability, 802.11, and 3rd party security controls.

You will regularly collaborate with experts both in country and in other regions, so excellent communication skills are very important. If you are seeking a demanding role within Global Information Security (GIS) and have the required skills, this will be a great opportunity for you. Typically, applicants should have 5+ years of cybersecurity or engineering experience.

Top 3 Job Qualifications

• Firewall Engineering Experience.
• Splunk 'Search' Module Code Development Experience.
• Network Traffic Analysis Experience.

Required Qualifications

• Minimum of 5 years of experience in security or engineering discipline.
• Solid experience with designing and deploying security solutions for Network Access Control as well as experience with Firewalls, IDS/IPS, WAF, Proxies, DLP, DDoS, and Malware inspections solutions.
• Demonstrate expertise with Cisco ISE and IEEE 802.1x.
• Experience with Cisco ISE and HPE/Aruba, as well as other with other third-party network security controls such as Bluecoat, FortiGate, Checkpoint, Juniper, F5 ASM, Cisco, or FireEye.
• Solid experience configuring, deploying, installing, and troubleshooting Cisco routers, switches, and components in a medium to large business.
• Cisco ACS RADIUS and TACACS experience.
• Knowledge Private Key Infrastructure (PKI) / Certificate Authority.
• Ability to quickly diagnose the problem areas and come up with solutions and/or workarounds.
• Ability to understand the requirements and analyze the technical feasibility and design against the requirements.
• Able to work effectively with remote locations including onsite/offshore stakeholder streams.
• Knowledge and experience architecting complex enterprise cybersecurity solutions.
• Experience coordinating delivery of project/changes milestones, ensures projects stay on target, escalating and identifying roadblocks.
• Firewall Lockdown experience required.
• Splunk Code development experience.
• Fortinet Firewall Policy Architecture & Engineering knowledge.

Desired Qualifications

• Ability to work independently, creative thinker/solver.
• Strong communication skills – meaning professional demeanor in all situations and sensitivity to other cultures by adjusting communication styles - preferably experience in working in global industry.
• Be detail oriented and thorough in all aspects of work.
• Demonstrate strong leadership skills to command the attention of your audience and motivate others to work together towards the common goal.
• Bank of America engineering and architecture processes familiarity (desired).

Job Description:

Job Description:

As an Azure Senior Cloud Operations Specialist, you will play a pivotal role in our organization’s growth and evolution. You will be responsible for modernizing our existing and future cloud operations workflows to simplify, optimize and ensure consistency in quality and urgency of investigations within our organization and a well-defined decision matrix for escalations to our partner organizations. You will also collaborate with partner teams to continually identify opportunities to reduce event volume, to increase event fidelity, and to engineer detections for new threats and risks.

Additionally, you will support development and maintenance of innovate training programs to quickly upskill existing cybersecurity operations professionals to operate in an Azure cloud operations environment as well as to be a representative for the organization on cloud related operations in any audit or regulatory examinations.

Key Responsibilities:

• Investigate security events and incidents within cloud environments, utilizing advanced tools and techniques to identify threats and vulnerabilities.
• Design and implement comprehensive workflows for handling security events, ensuring timely and effective response procedures.
• Collaborate with cross-functional teams to develop and refine security policies, procedures, and best practices tailored to Azure cloud security operations.
• Provide guidance and mentorship to junior team members, fostering their professional development and enhancing overall team capabilities.
• Stay abreast of emerging threats, vulnerabilities, and industry trends, continually updating skills and knowledge to maintain expertise in cloud security.

Qualifications:

• Extensive experience (7+ years) in cybersecurity operations, with a focus on Azure.
• Proven expertise in investigating security events and incidents within cloud environments, demonstrating strong analytical and problem-solving skills.
• Solid understanding of regulatory compliance requirements, particularly in highly regulated industries (e.g., healthcare, finance, government).
• Experience in designing and implementing workflows for security event investigation and response.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and mentor junior team members.
• Ability to thrive in a fast-paced environment, managing multiple priorities and deadlines effectively.

Required Skills:

• Understanding of Azure and its associated technologies, both from Security and Cloud Ops perspective.
• 8+ years relevant Cyber Security experience with at least five (5) years in Cloud SOC and/or Purple Team roles.
• Experience designing and implementing technical solutions to enhance visibility, alerting capabilities, and reduce risk within Cloud IaaS, PaaS, and M365 environments.
• Experience reviewing applications, infrastructure, and architectural designs to identify threats and vulnerabilities.
• Experience with a range of Azure native services and tools.
• Experience writing and modifying Analytic Rules.
• Experience designing and implementing SOAR capabilities within Azure.
• Deep understanding of Cyber Security control environments and their relationship to zero-trust networks.
• Understanding of Terraform.
• Understanding of threat frameworks, such as MITRE ATT&CK for Cloud and D3FEND.
• Understanding of Risk Management principles.
• Experience in building, configuring, operating and/or securing cloud infrastructure and applications in Azure with either native cloud service provider capabilities or 3rd party vendor tools.
• Proven ability to leverage Azure native capabilities to build custom reports and dashboards.
• Ability to independently assess risks and identify vulnerabilities in infrastructure with an eagerness to suggest new processes, policies, and overall improvements to internal security controls.
• Ability to perform root cause analyses.
• Experience partnering with incident response teams, threat intelligence researchers, Red/Purple teams, and/or HUNT researchers.
• Ability to support 24x7x365 global support through rotational on-call.
• Highly organized and motivated self-starter who can deliver results with minimal direction.
• Ability to navigate and collaborate effectively within a geographically complex and dispersed global corporation.
• Excellent verbal and written communication skills with ability to distill key data points and effectively present information.

Preferable Certifications:

• AZ-500: Azure Security Engineer Associate
• CISSP
• CISM

Job Overview:

The Cloud Security Specialist is responsible for designing, implementing, and managing security controls across multi-cloud environments, with a specific emphasis on Azure and AWS platforms, to ensure the protection of organizational data and systems. This role requires deep expertise in cloud security, architecture principles, and industry standards. The ideal candidate will work closely with various teams to ensure the security of cloud-based applications, data, and infrastructure.

Key Responsibilities:

• Lead the design and implementation of secure cloud architectures and solutions, ensuring alignment with business objectives and security requirements.
• Maintain and update risk registers and ensure continuous monitoring of cloud security risks.
• Act as a liaison between the security team and other departments to promote a security-first culture.

• Security Controls -
  • Define and implement security controls and policies for cloud environments, ensuring compliance with industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and bank security policies.
  • Continuously improve security controls and processes to enhance the organization's security posture.
  • Develop and maintain documentation for security controls, policies, and procedures.

• Policy as Code (PaC) Implementation -
  • Policies are increasingly managed as code, requiring developers skilled in scripting and programming to define, customize, and automate these policies using tools like HashiCorp Sentinel, Open Policy Agent (OPA), and Terraform.

• Integration with CI/CD Pipelines -
  • Developers ensure that security policies are embedded in CI/CD workflows to enforce compliance during the development and deployment phases.

• Custom Solutions Development -
  • Off-the-shelf security tools often need customization to fit organizational requirements. Developers can write custom modules, scripts, or extensions to adapt these tools effectively.

• Collaboration with Security Teams -
  • Developers act as a bridge between security and DevOps teams, ensuring that security policies align with operational workflows without hindering development agility.

• Governance and Regulatory Compliance -
  • Conduct regular security assessments and audits of cloud environments to identify and mitigate risks.
  • Conduct risk assessments to identify potential security threats and vulnerabilities in cloud environments.
  • Evidence Package Creation - Package evidence of security policies deployment and effectiveness proving to non-technical audience, Audit and Governance Teams, the effectiveness of security policies.
  • Participate in internal and external audits to demonstrate compliance with cloud security requirements.

Required Skills:

• 5 years of experience in cloud security.
• Currently hold active AWS Security Specialty or Azure AZ-500 certification.
• In-depth understanding of cloud security principles, best practices, and industry frameworks such as OWASP Top 10, NIST, CSA, CIS benchmarks.
• Familiarity in programming and scripting languages such as Python, TF, Go, or JavaScript.
• Experience building and implementing IaC/PaC governance strategies with appropriate tooling (e.g., Terraform, CloudFormation, OPA, HashiCorp Sentinel, etc.).
• Strong understanding of CI/CD pipelines and DevOps practices.
• Hands-on experience with cloud-native and third-party security solutions, including Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWPP).
• Demonstrated capability to translate technical information into a format that a non-technical audience will understand and clear communication skills.

Desired Skills:

• Relevant industry certifications such as ISC2 and SANS GIAC are highly desirable.
• Strong communication and interpersonal skills to work effectively with cross-functional teams.
• Ability to manage multiple projects and priorities in a fast-paced environment.

Key Responsibilities:

• Oversee and execute assigned areas of audit work for Global Markets business in Asia Pacific, providing day to day guidance to teammates.
• Execute audit strategy for the sound application of risk-based auditing by defining audit scope, audit program, and test procedures.
• Typically acts as Auditor-in-Charge (AIC) for Global Markets audits. When leading an audit engagement, is responsible for day-to-day coaching, mentoring, and performance feedback. Fosters an inclusive work environment.
• Oversee assessment and coverage of risks and emerging risks for Australia.
• Oversees audit testing to ensure timely execution within quality standards and conformance to audit policies and procedures.
• Assesses issues for impact to business processes (Global Markets (GM) businesses and the relevant control functions), controls and strategies, recommends severity ratings and escalation of broad themes or trends.
• Drafts quality and timely audit reports and shares results with business leaders.
• Manages business partner relationships when conducting specific audits; primary engagement is with line management.
• Candidate will be required to engage with senior management within Audit and the line of business, audit teams and also face off regulators.
• Exercises critical thinking and judgment to effectively influence management to improve the control environment.

Key Requirements:

• Minimum of 10-12 years or more of working experience in a Global Markets Audit team covering Front Office trading activities.
• Excellent analytical skills and strong communication skills to effectively engage with both stakeholders and regulators.
• In-depth knowledge and Audit execution background of Global Markets business and relevant control functions and strong understanding of local regulatory requirements in Australia.
• Ability to work in a team environment, focus on high quality execution and lead audit assignments.

Job Description:

Joining the G&C team, you will actively engage with the broader GBO team to ensure obligations are met and projects strategically managed for delivery within agreed timelines.

This position requires frequent interaction with local Payment Operations, GFCC and Compliance partners and requires the ability to handle multiple workstreams at once.

Responsibilities:

• Perform daily regulatory reporting; actively manage and mitigate regulatory risk.
• Implement change resulting from regulatory mandates and for offshoring plans.
• Be accountable for the management of and closure of operational control gaps.
• Articulate clearly and concisely. Adhere to “identify, escalate, debate” principle.
• Achieve satisfactory results from internal audits and targeted risk assessments.
• Be comfortable delivering in a high pressure and evolving working environment.
• Demonstrate consistency, be reliable and organized, endeavor to meet deadlines.
• Be a team player with conduct consistent with BofA core values and principles.

Valuable experience:

• 5+ years GB/GM Operations Operational Risk experience, particularly in Payment Ops
• Some experience in regulatory reporting and processes improvement
• Ability to effectively partner with and influence other business units.
• A track record in managing operational and/or regulatory risk
• An understanding of the Australian regulatory environment
• Experience with AUSTRAC: IFTI, Section 49 and TTR reporting