Bank Of America Cloud & Mobile Malware Control Owner 

United States, Illinois, Chicago 

745187422

This job is responsible for leading evaluations of cyber security threats and enhancing defensive capabilities to reduce the bank's risk of exposure. Key responsibilities include conducting analyses of the threat environment and threats to the bank, including post incident analysis, applying a multi-faceted situational awareness of cyber security process to protect against threats, and implementing proactive defensive actions for the security, continuity, and confidentiality of information.

Key Responsibilities
• Control Ownership & Governance:
• Own and manage malware controls related to cloud and mobile platforms. Ensure controls are effective, measurable, and aligned with enterprise risk tolerance.
• Threat Management & Response:
• Collaborate with incident response teams to triage and respond to malware threats targeting cloud and mobile environments. Support post-incident reviews and drive improvements.
• Technology Risk Oversight:
• Identify and assess risks associated with cloud and mobile malware threats. Partner with risk and oversight teams to implement mitigation strategies.
• Operational Integration:
• Work across operational teams to integrate malware controls into existing workflows and technologies. Ensure seamless execution and reporting of control effectiveness.
• Metrics & Reporting:
• Develop and maintain operational metrics and dashboards to track control performance. Provide regular updates to leadership and stakeholders.
• Collaboration & Communication:
• Engage with cross-functional teams including GIS, cloud engineering, mobile development, and enterprise risk. Communicate technical findings and strategic recommendations clearly to both technical and non-technical audiences.
• Continuous Improvement:
• Stay current with emerging malware tactics targeting cloud and mobile platforms. Lead initiatives to enhance detection, prevention, and response capabilities.

Minimum 5 Years of Experience

• 5+ years of experience in malware analysis and incident response, with a focus on cloud and/or mobile platforms.
• Strong understanding of cloud service provider security models (AWS, Azure, GCP).
• Experience with mobile malware analysis (Android/iOS), including static and dynamic techniques.
• Familiarity with cloud-native security tools and mobile threat defense platforms.
• Ability to assess malware threats and extract Indicators of Compromise (IoCs).
• Strong documentation and reporting skills.
• Experience working in large enterprise environments with cross-functional teams.

Desired Qualifications
• Experience with sandbox technologies and virtualized analysis environments.
• Knowledge of mobile app reverse engineering tools (e.g., JADX, Frida, MobSF).
• Familiarity with cloud logging and monitoring tools (e.g., CloudTrail, Azure Monitor).
• Experience with SIEM platforms and event correlation.
• Knowledge of forensic artifacts in cloud and mobile environments.
• Experience with mobile security products like Lookout, CrowdStrike Mobile
• Experience with Microsoft Defender, Microsoft Sentinel, AWS Guard Duty, Google Cloud Security Center)

Certifications (Desired but not Required)
• CCSP, CCSK, GPCS, GMOB, GCIH, GREM, GCFA, GCFE, CISSP, or equivalent certifications.

Skills:

• Cyber Security

• Data Privacy and Protection

• Problem Solving

• Process Management

• Threat Analysis

• Access and Identity Management

• Business Acumen

• Interpret Relevant Laws, Rules, and Regulations

• Risk Analytics

• Stakeholder Management

• Data Governance

• Data and Trend Analysis

• Incident Management

• Information Systems Management

• Technology System Assessment