Bank of America
Senior Vulnerability Platform Development Manager
Bank of America, Washington, District of Columbia, us, 20022
Senior Vulnerability Platform Development Manager
Chicago, Illinois; Washington, District of Columbia; Denver, Colorado
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.
One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.
Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.
Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!
Position Summary:
This job is responsible for building and leading a team to deliver technology products and services that meet business outcomes. Key responsibilities include developing a technology strategy, ensuring technology solutions comply with applicable standards, promoting design, engineering, and organizational practices, and advocating and advancing modern, Agile solution delivery practices. Job expectations may include coaching, mentoring, providing feedback and hands-on career development, identifying emerging talent, fostering leadership skills, and managing stakeholders.
We are looking for an experienced and dedicated
Senior Vulnerability Platform Development Manager
to lead our continuous monitoring and vulnerability management initiatives. The successful candidate will oversee the discovery, assessment, prioritization, and remediation of vulnerabilities across our IT infrastructure. This role requires a deep understanding of tools that support vulnerability management (ServiceNow, etc.), and security best practices to protect our organization’s assets and ensure compliance with industry standards. As the Sr Manager over our Vulnerability Continuous Monitoring program, you will lead multiple teams in the design, development, test, and delivery of innovative products to identify and reduce security vulnerabilities for our company. The Manager will contribute to our mission of safeguarding our valuable assets and data from evolving cyber threats. This role is highly visible to senior leadership, auditors, and regulators. The successful candidate will have demonstrated success in building software products, managing engineering teams, coordinating large-scale projects, effectively communicating with executive and technical audiences, and moving quickly to achieve outcomes. This is a technology leadership role requiring software engineering experience to excel but not focused on personal delivery of code. Key Responsibilities: Leadership and Team Management:
Lead, mentor, and manage a team of Continuous Monitoring developers focused on security operations, vulnerability discovery, and remediation. Collaborate with security, IT, and business stakeholders to align vulnerability management efforts with organizational goals and priorities. Drive the development and enhancement of Continuous Monitoring modules and integrations related to continuous monitoring and vulnerability management.
Cross Team Leadership:
Work across business and technology at the executive level to provide vulnerability management solutions that minimize the attack surface and protect the company from cyber threats. Manage relationships with business, technology executives, sponsors, and vendors to identify and address vulnerabilities and respond to cyber security attacks. Help to resolve organizational impediments by sponsoring opportunities that improve processes, while identifying new opportunities to enhance efficiency and gain a competitive advantage. Conduct portfolio level resourcing and financial management activities.
Vulnerability Discovery and Asset Prioritization:
Oversee the integration of vulnerability discovery tools (e.g., Qualys, Aqua, SkyBox) with Continuous Monitoring tool (ServiceNow, etc.) to automate the detection of vulnerabilities across systems, applications, and networks. Establish and maintain a process for asset prioritization, ensuring that the most critical assets are identified and monitored continuously. Develop and implement workflows in Continuous Monitoring to categorize and prioritize discovered vulnerabilities based on asset criticality, risk, and impact.
Vulnerability Assessment and Prioritization:
Manage the assessment of vulnerabilities, ensuring that they are accurately classified and prioritized for remediation based on severity and potential impact. Develop and maintain dashboards and reports within Continuous Monitoring to provide real-time visibility into the organization’s vulnerability landscape. Implement risk-based prioritization frameworks to guide remediation efforts, focusing on vulnerabilities that pose the greatest risk to the organization.
Vulnerability Remediation and Reporting:
Coordinate with IT and security teams to ensure timely remediation of vulnerabilities, using workflows to track progress and resolution. Ensure that remediation actions are documented and comply with internal policies and regulatory requirements. Generate comprehensive reports for stakeholders, detailing vulnerability status, remediation progress, and risk reduction efforts.
Continuous Monitoring and Process Improvement:
Implement continuous monitoring processes within Continuous Monitoring to detect and respond to emerging vulnerabilities in real time. Identify opportunities for improving vulnerability management processes, including automation, reporting, and integration with other security tools. Stay informed on the latest vulnerabilities, threats, and industry trends to proactively adapt the organization’s security posture.
Compliance and Risk Management:
Ensure that all vulnerability management activities comply with relevant security standards, regulations, and industry best practices. Support audit and compliance efforts by providing accurate and timely information on vulnerability management activities and remediation efforts. Manage risk by developing and implementing strategies to mitigate vulnerabilities before they can be exploited.
Research and Innovation:
Stay informed about the latest cybersecurity threats, trends, and emerging technologies relevant to vulnerability development and security operations. Evaluate new Continuous Monitoring tools, technologies, and techniques to improve the organization's security posture and stay ahead of potential threats.
Qualifications: Proven experience as a Enterprise Vulnerability Monitoring Developer, with a focus on security operations and vulnerability management. Bachelor's or Master's degree in Computer Science, Information Security, or a related field or equivalent experience. Proven experience in Continuous Monitoring (ServiceNow, etc.) development and security operations, with a successful track record of leading Continuous Monitoring projects from conception to implementation. In-depth knowledge of vulnerability discovery tools (e.g., Qualys, Aqua, SkyBox) and their integration with a Vulnerability Monitoring Platform. Proficiency in scripting and development within industry related vulnerability management platforms (e.g., JavaScript, GlideScript) to customize and optimize workflows. Strong leadership abilities, with experience in managing technical teams and driving successful outcomes. Excellent problem-solving skills, analytical mindset, and a proactive approach to addressing security challenges. Preferred Qualifications: Experience in cybersecurity, vulnerability management, and security operations within large enterprises. Familiarity with ITIL practices and certification. Knowledge of regulatory requirements and compliance related to cybersecurity and vulnerability management. Experience in managing security projects and driving process improvements. Skills: Influence Risk Management Solution Design Stakeholder Management Technical Strategy Development Analytical Thinking Application Development Collaboration Result Orientation Solution Delivery Process Agile Practices Architecture Automation Data Management DevOps Practices Shift: 1st shift (United States of America) Hours Per Week: 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws.
#J-18808-Ljbffr
Senior Vulnerability Platform Development Manager
to lead our continuous monitoring and vulnerability management initiatives. The successful candidate will oversee the discovery, assessment, prioritization, and remediation of vulnerabilities across our IT infrastructure. This role requires a deep understanding of tools that support vulnerability management (ServiceNow, etc.), and security best practices to protect our organization’s assets and ensure compliance with industry standards. As the Sr Manager over our Vulnerability Continuous Monitoring program, you will lead multiple teams in the design, development, test, and delivery of innovative products to identify and reduce security vulnerabilities for our company. The Manager will contribute to our mission of safeguarding our valuable assets and data from evolving cyber threats. This role is highly visible to senior leadership, auditors, and regulators. The successful candidate will have demonstrated success in building software products, managing engineering teams, coordinating large-scale projects, effectively communicating with executive and technical audiences, and moving quickly to achieve outcomes. This is a technology leadership role requiring software engineering experience to excel but not focused on personal delivery of code. Key Responsibilities: Leadership and Team Management:
Lead, mentor, and manage a team of Continuous Monitoring developers focused on security operations, vulnerability discovery, and remediation. Collaborate with security, IT, and business stakeholders to align vulnerability management efforts with organizational goals and priorities. Drive the development and enhancement of Continuous Monitoring modules and integrations related to continuous monitoring and vulnerability management.
Cross Team Leadership:
Work across business and technology at the executive level to provide vulnerability management solutions that minimize the attack surface and protect the company from cyber threats. Manage relationships with business, technology executives, sponsors, and vendors to identify and address vulnerabilities and respond to cyber security attacks. Help to resolve organizational impediments by sponsoring opportunities that improve processes, while identifying new opportunities to enhance efficiency and gain a competitive advantage. Conduct portfolio level resourcing and financial management activities.
Vulnerability Discovery and Asset Prioritization:
Oversee the integration of vulnerability discovery tools (e.g., Qualys, Aqua, SkyBox) with Continuous Monitoring tool (ServiceNow, etc.) to automate the detection of vulnerabilities across systems, applications, and networks. Establish and maintain a process for asset prioritization, ensuring that the most critical assets are identified and monitored continuously. Develop and implement workflows in Continuous Monitoring to categorize and prioritize discovered vulnerabilities based on asset criticality, risk, and impact.
Vulnerability Assessment and Prioritization:
Manage the assessment of vulnerabilities, ensuring that they are accurately classified and prioritized for remediation based on severity and potential impact. Develop and maintain dashboards and reports within Continuous Monitoring to provide real-time visibility into the organization’s vulnerability landscape. Implement risk-based prioritization frameworks to guide remediation efforts, focusing on vulnerabilities that pose the greatest risk to the organization.
Vulnerability Remediation and Reporting:
Coordinate with IT and security teams to ensure timely remediation of vulnerabilities, using workflows to track progress and resolution. Ensure that remediation actions are documented and comply with internal policies and regulatory requirements. Generate comprehensive reports for stakeholders, detailing vulnerability status, remediation progress, and risk reduction efforts.
Continuous Monitoring and Process Improvement:
Implement continuous monitoring processes within Continuous Monitoring to detect and respond to emerging vulnerabilities in real time. Identify opportunities for improving vulnerability management processes, including automation, reporting, and integration with other security tools. Stay informed on the latest vulnerabilities, threats, and industry trends to proactively adapt the organization’s security posture.
Compliance and Risk Management:
Ensure that all vulnerability management activities comply with relevant security standards, regulations, and industry best practices. Support audit and compliance efforts by providing accurate and timely information on vulnerability management activities and remediation efforts. Manage risk by developing and implementing strategies to mitigate vulnerabilities before they can be exploited.
Research and Innovation:
Stay informed about the latest cybersecurity threats, trends, and emerging technologies relevant to vulnerability development and security operations. Evaluate new Continuous Monitoring tools, technologies, and techniques to improve the organization's security posture and stay ahead of potential threats.
Qualifications: Proven experience as a Enterprise Vulnerability Monitoring Developer, with a focus on security operations and vulnerability management. Bachelor's or Master's degree in Computer Science, Information Security, or a related field or equivalent experience. Proven experience in Continuous Monitoring (ServiceNow, etc.) development and security operations, with a successful track record of leading Continuous Monitoring projects from conception to implementation. In-depth knowledge of vulnerability discovery tools (e.g., Qualys, Aqua, SkyBox) and their integration with a Vulnerability Monitoring Platform. Proficiency in scripting and development within industry related vulnerability management platforms (e.g., JavaScript, GlideScript) to customize and optimize workflows. Strong leadership abilities, with experience in managing technical teams and driving successful outcomes. Excellent problem-solving skills, analytical mindset, and a proactive approach to addressing security challenges. Preferred Qualifications: Experience in cybersecurity, vulnerability management, and security operations within large enterprises. Familiarity with ITIL practices and certification. Knowledge of regulatory requirements and compliance related to cybersecurity and vulnerability management. Experience in managing security projects and driving process improvements. Skills: Influence Risk Management Solution Design Stakeholder Management Technical Strategy Development Analytical Thinking Application Development Collaboration Result Orientation Solution Delivery Process Agile Practices Architecture Automation Data Management DevOps Practices Shift: 1st shift (United States of America) Hours Per Week: 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws.
#J-18808-Ljbffr