
Bank Of America Senior Technology Manager - Application Security 
United States, Illinois, Chicago 
887126041

17.12.2024

Job Description:
This job is responsible for building and leading a team to deliver technology products and services that meet business outcomes. Key responsibilities include developing a technology strategy, ensuring technology solutions comply with applicable standards, promoting design, engineering, and organizational practices, and advocating and advancing modern, Agile solution delivery practices. Job expectations may include coaching, mentoring, providing feedback and hands-on career development, identifying emerging talent, fostering leadership skills, and managing stakeholders.

We are seeking a highly skilled and hands-on. This role requires deep technical expertise in secure coding practices, vulnerability scanning, and cloud application security. The Senior Technology Manager will lead technical initiatives focused on security code scanning, application vulnerability scanning using tools such as Invicti and Checkmarx, and validating secure coding practices in cloud environments. The Manager will collaborate closely with developers, DevOps, and cloud architects to embed security within the software development lifecycle and cloud infrastructure.


Hands-On Technical Leadership:

  • Provide hands-on leadership in the deployment, configuration, and management of application security scanning tools such as Invicti and Checkmarx.
  • Design and implement application security strategies for cloud-based and on-premises applications, focusing on secure code development and vulnerability management.
  • Serve as a technical subject matter expert on secure coding practices, secure architecture, and vulnerability scanning methods.

Security Code and Vulnerability Scanning:

  • Manage the configuration, customization, and automation of application security scanning tools, enabling comprehensive scanning in CI/CD pipelines.
  • Analyze scan results, triage security findings, and provide detailed remediation guidance to developers.
  • Conduct regular assessments of the scanning tools to optimize their efficiency and accuracy in detecting security vulnerabilities.

Cloud Application Security Validation:

  • Validate that cloud applications adhere to secure coding practices by leveraging static and dynamic analysis tools.
  • Collaborate with cloud architects to design secure application architecture and enforce security policies within cloud environments (AWS, Azure, GCP).
  • Implement and review cloud security configurations, ensuring alignment with security frameworks such as CIS Benchmarks and NIST.

Secure Coding and Developer Enablement:

  • Develop and enforce secure coding guidelines and policies to standardize secure coding practices across development teams.
  • Support secure code reviews, manual penetration tests, and red-team exercises to identify and mitigate complex security flaws.
  • Organize and lead training sessions to enhance developer awareness of common vulnerabilities, security best practices, and secure coding techniques.

Risk Management and Compliance:

  • Evaluate the risk impact of identified vulnerabilities and prioritize remediation efforts based on criticality and business impact.
  • Ensure compliance with security standards (e.g., OWASP Top 10, SANS CWE Top 25) and regulatory requirements.
  • Prepare documentation and evidence for internal audits and external compliance assessments.

Research and Innovation:

  • Stay informed about the latest cybersecurity threats, trends, and emerging technologies relevant to software application security.
  • Evaluate new Application Security CI/CD tools, technologies, and techniques to improve the organization's security posture and stay ahead of potential threats.

Metrics, Reporting, and Continuous Improvement:

  • Define and monitor key performance indicators (KPIs) related to the effectiveness of security scanning tools and the remediation process.
  • Create dashboards and detailed reports to communicate security findings, risk metrics, and remediation progress to stakeholders.
  • Continuously improve the security scanning program by staying current on emerging threats, new vulnerabilities, and the latest security tools.

Qualifications:

  • 7+ years of experience in cybersecurity with a focus on application security, vulnerability management, and cloud application security.
  • Proven experience in deploying, managing, and optimizing application security scanning tools, such as Invicti, Checkmarx, Veracode, or others.
  • Experience in cloud platforms (AWS, Azure, GCP) with a track record of implementing security policies and validating secure coding practices within cloud-native applications.
  • Familiarity with secure code review techniques, both automated and manual, and the ability to identify, evaluate, and address security vulnerabilities across various coding languages (e.g., Java, Python, JavaScript, .NET, etc.).

Preferred Qualifications:

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field. Advanced degrees are preferred.

Soft Skills:

  • Demonstrated ability to lead and mentor technical teams, fostering a collaborative and knowledge-sharing environment.
  • Excellent problem-solving and analytical skills, with a proactive approach to identifying and addressing security risks.
  • Strong written and verbal communication skills, with the ability to communicate complex security findings to non-technical stakeholders and collaborate effectively across teams.

Managerial Responsibilities:
This position may also have responsibilities for managing associates. At Bank of America, all managers at this level demonstrate the following responsibilities, in addition to those specific to the role, listed above.

  • Diversity & Inclusion Champion: Models an inclusive environment for employees and clients, aligned to company D&I goals.
  • Manager of Process & Data: Demonstrates deep process knowledge, operational excellence and innovation through a focus on simplicity, data-based decision making and continuous improvement.
  • Enterprise Advocate & Communicator: Communicates enterprise decisions, purpose, and results, and connects to team strategy, priorities and contributions.
  • Risk Manager: Ensures proper risk discipline, controls and culture are in place to identify, escalate and debate issues.
  • People Manager & Coach: Provides inspection, coaching and feedback to motivate, differentiate and improve performance.
  • Financial Steward: Actively manages expenses and budgets in alignment with objectives, making sound financial decisions.
  • Enterprise Talent Leader: Assesses talent and builds bench strength for roles across the organization.
  • Driver of Business Outcomes: Delivers results by effectively prioritizing, inspecting and appropriately delegating team work.

Skills:

  • Influence
  • Risk Management
  • Solution Design
  • Stakeholder Management
  • Technical Strategy Development
  • Analytical Thinking
  • Application Development
  • Collaboration
  • Result Orientation
  • Solution Delivery Process
  • Agile Practices
  • Architecture
  • Automation
  • Data Management
  • DevOps Practices
1st shift (United States of America)