Systems Engineer (PKI)

Addison, Texas

Job Description:

Are you interested in working with the best information security team in the world? Bank of America is hiring top talent to join our team to focus on protecting against cybersecurity risks through world-class cybersecurity architecture, engineering, risk management, and governance practices.

The CST Identity and Authentication Engineering (IAE) PKI Engineering and Digital Certificate Management Services function within Global Information Security is responsible for defining and implementing the PKI and Certificate management operating model, leading the Governance, Risk, and Compliance management transformation effort and managing critical access operations. Cryptography and certificate management are considered a key information security capability, and this position will be an active participant in the team to drive mature Certificate Management Services and Public Key Infrastructure (PKI) processes and security controls within the organization.

This position would report into the CST IAE PKI Governance, Risk, and Compliance team and is pivotal in managing governance activities over PKI and Certificate Management services, including supporting consistency to existing policy, baseline, and process best practices & standards; enhancing those best practices and standards and providing senior management reporting and measurable plans to ensure consistency. 

We invite you to join the Global Information Security team at Bank of America as a Sr. Security Engineer. We are a tight-knit, supportive community focused on delivering the best experience for our customers while remaining sensitive to their unique needs. In this role, you will be using the experience you have gained throughout your career in information security and PKI-based systems and tools to develop and maintain PKI security policies and processes.

Responsibilities:

•    Will be an active member of a team focused on building a mature enterprise-wide certificate management services and Public Key Infrastructure capabilities within CST IAE. 
•    Drives maturity of PKI product/service by identifying meaningful metrics to highlight PKI related risks; influencing behavior change within the organization and contributing to the enterprise certificate management and PKI roadmap.
•    Maintains professional and technical process knowledge by keeping abreast of the changing security landscape within the cybersecurity and technology industries, and PKI.
•    Aligns risk and control processes into day to day responsibilities to monitor and mitigate risk.
•    Maintains PKI related policies, standards, and baselines, including Certification Authority CP/CPS. 
•    Effectively communicate PKI/Certificate Management security risks to broad audiences. 
•    Conduct compliance and operational risk assessments on processes where new or heightened risks have materialized or where controls may not be operating at optimal levels.
•    Lead efforts to design and implement monitoring and testing over business processes to assess risk and validate the design and effectiveness of controls which mitigate compliance and operational risks.
•    Takes an active leadership role in maintaining and communicating PKI industry changes, advising and directing business leaders to ensure that PKI requirements are addressed in their respective process and controls so that their day-to-day activities operate in a compliant manner.
•    Review operational events to ensure root cause has been assessed and appropriate remediation plans have been established to strengthen controls. In addition perform thematic review over a series of operational events to assess broader risk trends and themes.
•    Active engagement in Risk and Control related governance routines including the review of risk and control related data and PKI operations
•    Proactively engages other GCOR/BISO including Enterprise Areas of Coverage (EAC) teams to provide comprehensive coverage and oversight over PKI and Certificate Management Operations.
•    Must have some coding or scripting skills to automate newly developed processes and be familiar with MS SharePoint.

Required skills:

•    7+ years of direct experience with PKI and Certificate Management processes and the associated functions.
•    In-depth knowledge of PKI and its various components, cryptography, certificate management products and services with a focus on operations, governance, risk, and compliance.
•    Keep up on current technologies and maintain awareness of industry trends and threats, focusing on PKI/PKE technologies. 
•    Strong understanding of X.509 certificates, SSL/TLS, IPsec, Hashing and Cipher Algorithms, and Authentication/Authorization concepts.
•    In-depth knowledge of the various phases of the Digital Certificate Lifecycle Management
•    Familiarity with PKI Standards, FIPS-140, NIST Standards and Framework, CAB/CA Forum, WebTrust audit, and SOC 2. 
•    Knowledge of the various phases of the Systems Development Life Cycle 
•    Knowledge of policy-based and risk adaptive access controls.
•    Ability to collaborate and work in close partnership across teams and senior leaderships. 
•    Excellent communication skills both oral and written
•    Experience with Venafi and/or KeyFactor certificate management suite
•    Experience with Codesigning
•    Strong proficiency with Hardware Security Module (HSM) technology (SafeNet/nCipher)
•    Strong experience in Public Key Infrastructure (PKI)
•    Demonstrates proven ability to apply creative thinking, problem-solving skills, individual initiative, and “outside of the box” thinking to develop and maintain new processes.
•    Bachelor's degree or equivalent work experience

Desired Skills:
•    Experience in cloud solution development with Azure or AWS architectures as it relates to PKI management
•    Understanding of Application and Network security risks, vulnerabilities, and remediation. 
•    Understanding of Authentication products and services.
•    Strong Audit, Risk Management, and Security Compliance experience.
•    CISSP, CISM, CISA preferred. 

Job Band:

H5

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Full time

JR-21067437

Band: H5

Manages People: No

Travel: Yes, 5% of the time

Manager:

Talent Acquisition Contact:

Nicolas Skaric

Referral Bonus:

0

Street Address

Primary Location:
16001 N Dallas Pkwy, Addison, TX 75001