Application Security Architecture Portfolio Analyst Lead

Bank of America – Addison, TX

Job Description:

Bank of America employs tens of thousands of developers who implement thousands of applications in millions of lines of code. Our effectiveness in application security hinges upon a sound comprehension of the myriad architectures of the solutions we bank on.

The architect is responsible for engaging with enterprise architects, solution architects, and analysts to identify and capture artifacts of application architecture, decorate these artifacts with application security attributes, process interconnections, and technology interaction points. The architect engages with control functions, such as information security officers, to ensure that the information is timely and presented in ways that control functions can consume.

The architect will be responsible for interpreting standards and baselines that establish enterprise security objectives and accountability among stakeholders, and will engage stakeholders to understand the spirit and the letter of policy governance documents as well as enterprise context. As needed, the architect will escalate to architect leads and policy governance representatives in situations where standards and baselines may need to be revised in light of evolving business requirements.

The architect will regularly interact with technical as well as non-technical personnel and will leverage communication skills to understand conflicting points of view and build rapport with stakeholders of varying and diverse backgrounds, interests, and abilities.

With a background in security of specific technologies, the architect will share experience and expertise with team members and will participate in peer reviews of execution and delivery of application security architecture services.

Primary Responsibilities

  • Engage technology teams, enterprise architects and application architects to identify and understand significant architectures used at the bank
  • Align with information security architects to understand the trajectory of evolving information security control technologies and processes
  • Contribute to the development of enterprise application security objectives and metrics
  • Build and manage an enterprise library of application security assemblies, components and systems
  • Pro-actively engage stakeholders, including development managers, developers, architects, and governance bodies in the Bank to achieve security objectives
  • Deliver multiple technology projects across multiple teams
  • Regularly interact with senior technology and business management, requiring the ability to explain complex technical matters in a way both technical and non-technical personnel can understand
  • Manage business partner relationships to deliver a seamless and responsive workflow
  • Collaboratively develop technical architectures, processes and procedures pursuant to application security objectives together with business and technical partners
  • Contribute to and interpret enterprise policies, standards, and baselines

    Required Skills

  • Knowledge of one or more enterprise application platforms and secure development in the same
  • Knowledge of relevant standards, including IETF (e.g., HTTP, TLS, and networking), W3 (e.g., HTML, JavaScript, DOM) as well as platform-specific standards
  • Exposure to application security testing techniques
  • Able to read and write software in at least one programming language such as C, C++, .NET, Java, Python
  • Comprehensive understanding of at least one application security life cycle, up to and including operations, maintenance and decommissioning
  • Knowledge of at least one application security testing methodology / approach, including formal methods, system level security, SAST / DAST, threat modeling, ethical hacking and crowd-sourcing
  • Experience with business planning, governance and management of application development or application security functions at a systemically important financial institution
  • Ability to write policies, standards and baselines around application security and associated topics

    Required Experience Level:

  • 5-10 years of progressive experience in application security and / or software development, with at least 2 years of experience in application security
  • Bachelor's degree or higher in CS, IT, or a related technical or engineering field

    Desired Skills:

  • Application development or security testing experience
  • Experience working in the financial sector
  • CISSP or similar professional certification, or commensurate experience
  • Technical writing skills
  • Public speaking skills
  • Cyber security experience at a systemically important financial institution
  • Experience working at a bank, credit union, money services business, or similar
  • Experience with online collaboration tools and technologies such as SharePoint, Slack, HipChat, video conferencing
  • Experience with source control, agile development, bug tracking, build automation, and change control platforms
  • Understanding of contemporary networking technologies, e.g., TCP/IP, routing, subnetworking, firewalls, VPN and DMZ
  • Knowledge of one or more contemporary endpoint architectures, including Mac, Windows (workstation and/or server), Linux, iOS, Android, mainframe
  • Experience with dynamic application security defensive technology, such as WAF, RASP, and compiler security mechanisms and language-theoretic security
  • Knowledge of NIST 800 series, FIPS standards, ISO 27000 series, CSA and related standards

    Shift:

    1st shift (United States of America)

    Hours Per Week:

