Browser security lead

Bank of America – Addison, TX

Job Description:

The browser security lead is an expert in design patterns, standards, theory, and implementation of past, present and future web browser technology at Bank of America.

The lead is a champion who ensures the viability of meeting enterprise cyber-security objectives using web technology, and possesses an intimate level of knowledge of browser architecture and internals, particularly as expressed against contemporary web applications and web-enabled frameworks (e.g., WebRTC, PWAs, REST APIs and websockets frameworks). The lead uses deep technology skills to understand technology risks associated to browsers and client-side web application contexts, and assists software architects, control owners, and technology strategy teams in identifying and navigating architecturally significant technology and risk landscapes. The lead partners with technology leaders from other enterprise technology functions in designing and fulfilling the enterprise browser strategy.

Primary Responsibilities

  • Research, understand, and interpret browser security requirements into practical control objectives and controls
  • Evaluates the fulfillment / achievement of browser security objectives across enterprise and third-party web applications
  • Active participant in browser standards and innovation processes, understands browser technology roadmap and anticipates and articulates architectural ramifications of changes to browser technology
  • Identify enterprise risks, including risks of known unknowns and unknown unknowns, related to browser technology
  • Subject matter expertise in application security of one or more major enterprise web application platforms used by Bank of America, incl. but not limited to Java / J2EE, .Net, Mobile (iOS and / or Android), Big Data, Python, Mainframe
  • Apply and interpret application security objectives in context of designated platforms
  • Identify, champion, and supervise the implementation of defensive controls, methods and processes within Bank applications
  • Contribute to an enterprise library of application security components and systems through vendor selection, evaluation, and original contributions
  • Pro-actively engage stakeholders, including development managers, developers, architects, and governance bodies in the Bank to achieve security objectives
  • Deliver multiple technology projects across multiple teams
  • Regularly interact with senior technology and business management, requiring the ability to explain complex technical matters in a way both technical and non-technical personnel can understand
  • Manage business partner relationships to deliver a seamless and responsive workflow
  • Collaboratively develop technical architectures, processes and procedures pursuant to application security objectives together with business and technical partners
  • Deliver training and collaborate with internal and approved external knowledge-sharing bodies
  • Develop processes and procedures to advance application security objectives, suitable for adoption throughout the Bank
  • Contribute to and interpret enterprise policies, standards, and baselines and mentor personnel with less experience or knowledge of the same

    Required Skills

  • Expert knowledge of one or more browser implementations, preferably among Chrome (or Chromium-family), Safari, Firefox
  • Knowledge of relevant standards and standards activity, including IETF (e.g., HTTP, TLS, and networking), W3 (e.g., WebSockets, PWAs/Service Workers) as well as platform-specific standards
  • Exposure to application security testing techniques
  • Able to read and write software in at least one programming languages such as C, C++, .Net, Java, Python
  • Comprehensive understanding of at least one application security life cycle, up to and including operations, maintenance and decommissioning
  • Knowledge of at least three application security testing methodologies and approaches, including formal methods, system level security, SAST / DAST, threat modeling, ethical hacking and crowd-sourcing
  • Knowledge of cryptographic algorithms, architectures
  • Experience with business planning, governance and management of application development or application security functions at a systemically important financial institution
  • Ability to write policies, standards and baselines around application security and associated topics

    Required Experience Level:

  • 5-10 years of progressive experience in application security and / or software development, at least 2 years of experience with client-side web programming
  • Bachelors degree or higher in CS, IT, a related technical or engineering field
  • Experience working in the financial sector
  • CISSP or similar professional certification, or commensurate experience
  • Desired Skills:

  • Technical writing skills
  • Public speaking skills
  • Cyber security experience at a systemically important financial institution
  • Experience working at a bank, credit union, money services business, or similar
  • Experience with online collaboration tools and technologies such as Sharepoint, Slack, HipChat, video conferencing
  • Experience with source control, agile development, bug tracking, build automation, and change control platforms
  • Understanding of contemporary networking technologies, e.g., TCP/IP, routing, subnetworking, firewalls, VPN and DMZ
  • Knowledge of one or more contemporary endpoint architectures, including Mac, Windows (workstation and/or server), Linux, iOS, Android, mainframe
  • Experience with dynamic application security defensive technology, such as WAF, RASP, and compiler security mechanisms and language-theoretic security
  • Knowledge of NIST 800 series, FIPS standards, ISO 27000 series, CSA and related standards
  • Shift:

    1st shift (United States of America)

    Hours Per Week:


    All Jobs in Addison, TX

    • Apps Dev Tech Lead Analyst

      Citi Irving, TX

      View Job
    • Senior Product Development Manager

      Verizon Irving, TX

      View Job
    • Senior Product Development Manager

      Verizon Irving, TX

      View Job
    • Lead Java Developer

      Verizon Irving, TX

      View Job
    • Inside Sales and Customer Service

      Telvista-1607 LBJ Freeway, Dallas, TX 75234 Dallas, TX

      View Job
    • Tech Support Rep 1

      GTL Irving, TX

      View Job
    • Executive Housekeeper

      Homewood Suites by Hilton Denton Denton, TX

      View Job
    • Store Manager

      H&M Dallas, TX

      View Job
    • Software Architect (R&D)

      Cvent Dallas, TX

      View Job
    • Director, IT Strategy, Manufacturing

      Gartner Irving, TX

      View Job
    • Business Intelligence Administrator II (Epic Clarity Reporting)

      Texas Health Resources Arlington, TX

      View Job

    Featured Articles

    How to Stay Healthy at Work – Employees Health Tips

    30 August 2018

    We spend most of our waking hours in the workplace. Sitting in a chair for hours in front of a computer screen can take a toll on your physical health, this coupled with endless deadlines, meetings and phone calls lead to stress which will impact your mental well-bein

    read more..

    Struts Online Training Program For IT Students

    20 April 2016

    It along with servlet programmers and JSP allows building web applications using the Apache Struts framework. It allows form beans, custom tags, model-view-controller mappings, input validation and tiles view-building framework. Programmers build scalable and maintainable data-driven web application

    read more..

    Want OPT Extension? Here Are Some Tips

    25 September 2015

    Optional Practical for international students is of 12 months long. It can be carried out in chunks while the student is pursuing the graduation. Once the graduation is completed, they have to use the OPT time period as one whole slot. After the OPT work status end th

    read more..

    10 Factors to Consider at Job Search for International Students in USA

    10 February 2017

    A number of international students are now studying in the USA. The job opportunities for international students studying in the USA are very good as they are given a chance to work for a certain period of time. Finding a job after graduation is not an easy process for international students. Th

    read more..

    Thanks For Your Feedback

    Attach A Resume First