Job Description:
The architect will participate in security assessments of various emerging technologies, such as blockchain/DLT, GenAI, and post-quantum, to provide input from an application security perspective.
Primary Responsibilities
- Engage technology teams, security architects, solution architects, enterprise architects and application architects to identify and understand significant application security architectures used at the bank
- Lead the technology architectural strategy development for GIS Application Security domain.
- Lead the development and annual refresh of GIS application security blueprint and capability model updates.
- Manage and update an enterprise library of application security defect remediation guidance
- Contribute to security risk assessments and studies of emerging technologies.
- Proactively engage stakeholders, including development managers, developers, architects, and governance bodies in the Bank to achieve security objectives
- Regularly interact with senior technology and business management, requiring the ability to explain complex technical matters in a way both technical and non-technical personnel can understand
- Manage business partner relationships to deliver a seamless and responsive workflow
- Align with information security architects to understand the trajectory of evolving information security control technologies and processes
Required Skills
- 10-15 years of progressive experience in application security and/or software development, with at least 2 years of experience in application security
- Knowledge of one or more enterprise application platforms and secure development in the same
- Knowledge of relevant standards, including IETF (e.g., HTTP, TLS, and networking), W3 (e.g., HTML, JavaScript, DOM) as well as platform-specific standards
- Exposure to application security testing techniques
- Able to read and write software in at least one programming language such as C, C++, .NET, Java, Python
- Comprehensive understanding of at least one application security life cycle, up to and including operations, maintenance and decommissioning
- Knowledge of at least one application security testing methodology / approach, including formal methods, system level security, SAST / DAST, threat modeling, ethical hacking and crowd-sourcing
- Experience with business planning, governance and management of application development or application security functions at a systemically important financial institution
- Ability to document and summarize the solutions and guidelines around application security and associated topics
Desired Skills:
- Bachelor’s degree or higher in CS, IT, or a related technical or engineering field
- Application development or security testing experience
- Experience working in the financial sector
- CISSP or similar professional certification, or commensurate experience
- Technical writing skills
- Cyber security experience at a systemically important financial institution
- Experience working at a bank, credit union, money services business, or similar
- Experience with online collaboration tools and technologies such as SharePoint, Slack, HipChat, video conferencing
- Experience with source control, agile development, bug tracking, build automation, and change control platforms
- Experience with dynamic application security defensive technology, such as WAF, RASP, and compiler security mechanisms and language-theoretic security
- Knowledge of NIST 800 series, FIPS standards, ISO 27000 series, CSA and related standards
This job will be open and accepting applications for a minimum of seven days from the date it was posted.
1st shift (United States of America)