Bank of America is seeking to improve the security and compliance of its cloud infrastructure and workloads by developing software solutions to provide compliance evidencing and effectiveness measurements.
Requirements
- Experience: Significant experience in cybersecurity across multiple domains, with a strong focus on cloud security and integrating controls as code.
- Technical Expertise: Deep knowledge of cloud platforms (AWS, Azure, GCP) and significant experience building and operating cloud-native security tools and services.
- Programming & Scripting: Proficiency in programming and scripting languages (e.g., Python, Go, Shell) used for automation and security integration.
- Infrastructure as Code (IaC): Significant Hands-on experience building Cloud Services with IaC tools such as Terraform, CloudFormation, or similar.
- DevSecOps: Strong understanding of DevSecOps principles and experience integrating security into CI/CD pipelines and operational processes.
- Certifications: Relevant certifications such as AWS Solutions Architect; AWS Security Specialty AWS Certified Security; AWS Certified Developer; Azure Developer Associate & Azure Security Engineer Associate; Certified Kubernetes Application Developer.
Responsibilities
- Design & Implementation: Design, develop and integrate solutions to gather security control evidence across multiple cloud platforms (e.g., AWS, Azure, GCP) to ensure the security and compliance of cloud infrastructure and workloads.
- Controls Evidencing and Enforcement: Identify security controls applicable to CI/CD pipeline and in the runtime environments to prevent misconfigurations, enforce security best practices and security standards.
- Compliance & Governance: Demonstrate that our cloud environments comply with internal control requirements and regulatory obligations, with robust reporting and dashboards.
- Advocacy: Communicate the possibilities the Cloud Provides for Cybersecurity vision and roadmap to stakeholders and the team and drive user adoption.
- Collaboration: Work closely with DevOps, engineering, and IT teams to integrate security best practices into CI/CD pipelines, ensuring secure and efficient deployment processes.
- Documentation: Maintain comprehensive documentation of security controls, policies, and procedures for cloud environments.
Other
- Bachelor's degree or higher in a relevant field
- Travel requirements: Not specified
- Clearance requirements: Not specified
- Visa requirements: Not specified
- Strong written and verbal communication skills, with the ability influence at all levels by explain complex security concepts to non-technical stakeholders.
