Application Security Architecture Portfolio Analyst Lead
Chicago, IL

Job Description

Bank of America employs tens of thousands of developers who implement thousands of applications in millions of lines of code. Our effectiveness in application security hinges upon a sound comprehension of the myriad architectures of the solutions we bank on.

The architect is responsible for engaging with enterprise architects, solution architects, and analysts to identify and capture artifacts of application architecture, decorate these artifacts with application security attributes, process interconnections, and technology interaction points. The architect engages with control functions, such as information security officers, to ensure that the information is timely and presented in ways that control functions can consume.

The architect will be responsible for interpreting standards and baselines that establish enterprise security objectives and accountability among stakeholders, and will engage stakeholders to understand the spirit and the letter of policy governance documents as well as enterprise context. As needed, the architect will escalate to architect leads and policy governance representatives in situations where standards and baselines may need to be revised in light of evolving business requirements.

The architect will regularly interact with technical as well as non-technical personnel and will leverage communication skills to understand conflicting points of view and build rapport with stakeholders of varying and diverse backgrounds, interests, and abilities.

With a background in security of specific technologies, the architect will share experience and expertise with team members and will participate in peer reviews of execution and delivery of application security architecture services.

Primary Responsibilities

* Engage technology teams, enterprise architects and application architects to identify and understand significant architectures used at the bank
* Align with information security architects to understand the trajectory of evolving information security control technologies and processes
* Contribute to the development of enterprise application security objectives and metrics
* Build and manage an enterprise library of application security assemblies, components and systems
* Proactively engage stakeholders, including development managers, developers, architects, and governance bodies in the Bank to achieve security objectives
* Deliver multiple technology projects across multiple teams
* Regularly interact with senior technology and business management, requiring the ability to explain complex technical matters in a way both technical and non-technical personnel can understand
* Manage business partner relationships to deliver a seamless and responsive workflow
* Collaboratively develop technical architectures, processes and procedures pursuant to application security objectives together with business and technical partners
* Contribute to and interpret enterprise policies, standards, and baselines

Required Skills

* Knowledge of one or more enterprise application platforms and secure development in the same
* Knowledge of relevant standards, including IETF (e.g., HTTP, TLS, and networking), W3C (e.g., HTML, JavaScript, DOM) as well as platform-specific standards
* Exposure to application security testing techniques
* Able to read and write software in at least one programming language such as C, C++, .NET, Java, Python
* Comprehensive understanding of at least one application security life cycle, up to and including operations, maintenance and decommissioning
* Knowledge of at least one application security testing methodology / approach, including formal methods, system level security, SAST / DAST, threat modeling, ethical hacking and crowd-sourcing
* Experience with business planning, governance and management of application development or application security functions at a systemically important financial institution
* Ability to write policies, standards and baselines around application security and associated topics

Required Experience Level:

* 5-10 years of progressive experience in application security and / or software development, at least 2 years of experience in application security
* Bachelor's degree or higher in CS, IT, or a related technical or engineering field

Desired Skills:

* Application development or security testing experience
* Experience working in the financial sector
* CISSP or similar professional certification, or commensurate experience
* Technical writing skills
* Public speaking skills
* Cyber security experience at a systemically important financial institution
* Experience working at a bank, credit union, money services business, or similar
* Experience with online collaboration tools and technologies such as SharePoint, Slack, HipChat, video conferencing
* Experience with source control, agile development, bug tracking, build automation, and change control platforms
* Understanding of contemporary networking technologies, e.g., TCP/IP, routing, subnetworking, firewalls, VPN and DMZ
* Knowledge of one or more contemporary endpoint architectures, including Mac, Windows (workstation and/or server), Linux, iOS, Android, mainframe
* Experience with dynamic application security defensive technology, such as WAF, RASP, compiler security mechanisms, and language-theoretic security
* Knowledge of NIST 800 series, FIPS standards, ISO 27000 series, CSA and related standards

Posting Date: 06/12/2019

Location: Chicago, IL, 135 S LA SALLE ST (IL4135); Addison, TX, 16001 N Dallas Pkwy (TX8044) - United States

Travel: No

Full / Part-time: Full time

Hours Per Week: 40

Shift: 1st shift
