Logo
Bank of America

Senior Vulnerability Platform Development Manager

Bank of America, Denver, Colorado, United States, 80285


Senior Vulnerability Platform Development Manager

Chicago, Illinois;Washington, District of Columbia; Denver, Colorado

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:

This job is responsible for building and leading a team to deliver technology products and services that meet business outcomes. Key responsibilities include developing a technology strategy, ensuring technology solutions comply with applicable standards, promoting design, engineering, and organizational practices, and advocating and advancing modern, Agile solution delivery practices. Job expectations may include coaching, mentoring, providing feedback and hands on career development, identifying emerging talent, fostering leadership skills, and managing stakeholders.

Position Summary

We are looking for an experienced and dedicated Senior Vulnerability Platform Development Manager to lead our continuous monitoring and vulnerability management initiatives. The successful candidate will oversee the discovery, assessment, prioritization, and remediation of vulnerabilities across our IT infrastructure. This role requires a deep understanding of tools that support vulnerability management (ServiceNow, ect…) , and security best practices to protect our organization’s assets and ensure compliance with industry standards.

As the Sr Manager over our Vulnerability Continuous Monitoring program, you will lead multiple teams in the design, development, test, and delivery of innovative products to identify and reduce security vulnerabilities for our company. The Manger will contribute to our mission of safeguarding our valuable assets and data from evolving cyber threats. The leader of this dynamic team and make a significant impact on our organization's security posture and lead us through our next generation Continuous Monitoring program. This role is highly visible to senior leadership, auditors, and regulators.

The successful candidate will have demonstrated success in building software products, managing engineering teams, coordinating large-scale projects, effectively communicating with executive and technical audiences, and moving quickly to achieve outcomes. This is a technology leadership role requiring software engineering experience to excel but not focused on personal delivery of code.

Key Responsibilities:

Leadership and Team Management

Lead, mentor, and manage a team of Continuous Monitoring developers focused on security operations, vulnerability discovery, and remediation.

Collaborate with security, IT, and business stakeholders to align vulnerability management efforts with organizational goals and priorities.

Drive the development and enhancement of Continuous Monitoring modules and integrations related to continuous monitoring and vulnerability management.

Cross Team Leadership

Works across business and technology at the -executive level to provide vulnerability management solutions that minimize the attack surface and protect the company from cyber-threats.

Manages relationships with business, technology executives, sponsors, and vendors to identify and address vulnerabilities and respond to cyber security attacks.

Helps to resolve organizational impediments by sponsoring opportunities that improve processes, while identifying new opportunities to enhance efficiency and gain a competitive advantage.

Conducts portfolio level resourcing and financial management activities.

Vulnerability Discovery and Asset Prioritization

Oversee the integration of vulnerability discovery tools (e.g., Qualys, Aqua, SkyBox) with Continuous Monitoring tool (ServiceNow, ect…) to automate the detection of vulnerabilities across systems, applications, and networks.

Establish and maintain a process for asset prioritization, ensuring that the most critical assets are identified and monitored continuously.

Develop and implement workflows in Continuous Monitoring to categorize and prioritize discovered vulnerabilities based on asset criticality, risk, and impact.

Vulnerability Assessment and Prioritization

Manage the assessment of vulnerabilities, ensuring that they are accurately classified and prioritized for remediation based on severity and potential impact.

Develop and maintain dashboards and reports within Continuous Monitoring to provide real-time visibility into the organization’s vulnerability landscape.

Implement risk-based prioritization frameworks to guide remediation efforts, focusing on vulnerabilities that pose the greatest risk to the organization

Vulnerability Remediation and Reporting

Coordinate with IT and security teams to ensure timely remediation of vulnerabilities, using workflows to track progress and resolution.

Ensure that remediation actions are documented and comply with internal policies and regulatory requirements.

Generate comprehensive reports for stakeholders, detailing vulnerability status, remediation progress, and risk reduction efforts.

Continuous Monitoring and Process Improvement

Implement continuous monitoring processes within Continuous Monitoring to detect and respond to emerging vulnerabilities in real time.

Identify opportunities for improving vulnerability management processes, including automation, reporting, and integration with other security tools.

Stay informed on the latest vulnerabilities, threats, and industry trends to proactively adapt the organization’s security posture.

Compliance and Risk Management

Ensure that all vulnerability management activities comply with relevant security standards, regulations, and industry best practices.

Support audit and compliance efforts by providing accurate and timely information on vulnerability management activities and remediation efforts.

Manage risk by developing and implementing strategies to mitigate vulnerabilities before they can be exploited.

Research and Innovation:

Stay informed about the latest cybersecurity threats, trends, and emerging technologies relevant to vulnerability development and security operations.

Evaluate new Continuous Monitoring tools, technologies, and techniques to improve the organization's security posture and stay ahead of potential threats.

Qualifications:

Proven experience as a Enterprise Vulnerability Monitoring Developer, with a focus on security operations and vulnerability management.

Bachelor's or Master's degree in Computer Science, Information Security, or a related field or equivalent experience.

Proven experience in Continuous Monitoring (ServiceNow, ect…) development and security operations, with a successful track record of leading Continuous Monitoring projects from conception to implementation.

In-depth knowledge of vulnerability discovery tools (e.g., Qualys, Aqua, SkyBox) and their integration with a Vulnerability Monitoring Platform.

Proficiency in scripting and development within industry related vulnerability management platforms (e.g., JavaScript, GlideScript) to customize and optimize workflows.

Strong leadership abilities, with experience in managing technical teams and driving successful outcomes.

Excellent problem-solving skills, analytical mindset, and a proactive approach to addressing security challenges.

Preferred Qualifications

Experience in cybersecurity, vulnerability management, and security operations within large enterprises.

Familiarity with ITIL practices and certification.

Knowledge of regulatory requirements and compliance related to cybersecurity and vulnerability management.

Experience in managing security projects and driving process improvements.

Skills:

Influence

Risk Management

Solution Design

Stakeholder Management

Technical Strategy Development

Analytical Thinking

Application Development

Collaboration

Result Orientation

Solution Delivery Process

Agile Practices

Architecture

Automation

Data Management

DevOps Practices

Shift:

1st shift (United States of America)

Hours Per Week:

40

Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.

To view the "EEO is the Law" poster, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) .

To view the "EEO is the Law" Supplement, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .

View the LA County Fair Chance Ordinance (https://dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf) .

Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.

To view Bank of America’s Drug-free Workplace and Alcohol Policy, CLICK HERE .

This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.