Senior Technology Manager - Application Security

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:
This job is responsible for building and leading a team to deliver technology products and services that meet business outcomes. Key responsibilities include developing a technology strategy, ensuring technology solutions comply with applicable standards, promoting design, engineering, and organizational practices, and advocating and advancing modern, Agile solution delivery practices. Job expectations may include coaching, mentoring, providing feedback and hands on career development, identifying emerging talent, fostering leadership skills, and managing stakeholders.

Position Summary

We are seeking a highly skilled and hands-on Senior Technology Manager specializing in Application Security. This role requires deep technical expertise in secure coding practices, vulnerability scanning, and cloud application security. The Senior Technology Manager will lead technical initiatives focused on security code scanning, application vulnerability scanning using tools such as Invicti, Checkmarx and validating secure coding practices in cloud environments. The Manager will collaborate closely with developers, DevOps, and cloud architects to embed security within the software development lifecycle and cloud infrastructure.

As the Sr. Manager over our Application Security program, you will lead multiple teams in the design, development, test, and delivery of innovative products to identify and reduce security vulnerabilities during the CI/CD process. The Manger will contribute to our mission of safeguarding our valuable assets and data from evolving cyber threats. The leader of this dynamic team and make a significant impact on our organization's security posture and lead us through our Application Security program. This role is highly visible to senior leadership, auditors, and regulators.

The successful candidate will have demonstrated success in building software products, managing engineering teams, coordinating large-scale projects, effectively communicating with executive and technical audiences, and moving quickly to achieve outcomes. This is a technology leadership role requiring software engineering experience to excel but not focused on personal delivery of code.

Key Responsibilities:

Hands-On Technical Leadership:

• Provide hands-on leadership in the deployment, configuration, and management of application security scanning tools such as Invicti and Checkmarx.
• Design and implement application security strategies for cloud-based and on-premises applications, focusing on secure code development and vulnerability management.
• Serve as a technical subject matter expert on secure coding practices, secure architecture, and vulnerability scanning methods.

Security Code and Vulnerability Scanning:

• Manage the configuration, customization, and automation of application security scanning tools, enabling comprehensive scanning in CI/CD pipelines.
• Analyze scan results, triage security findings, and provide detailed remediation guidance to developers.
• Conduct regular assessments of the scanning tools to optimize their efficiency and accuracy in detecting security vulnerabilities.

Cloud Application Security Validation:

• Validate that cloud applications adhere to secure coding practices by leveraging static and dynamic analysis tools.
• Collaborate with cloud architects to design secure application architecture and enforce security policies within cloud environments (AWS, Azure, GCP).
• Implement and review cloud security configurations, ensuring alignment with security frameworks such as CIS Benchmarks and NIST.

Secure Coding and Developer Enablement:

• Develop and enforce secure coding guidelines and policies to standardize secure coding practices across development teams.
• Support secure code reviews, manual penetration tests, and red-team exercises to identify and mitigate complex security flaws.
• Organize and lead training sessions to enhance developer awareness of common vulnerabilities, security best practices, and secure coding techniques.

Risk Management and Compliance:

• Evaluate the risk impact of identified vulnerabilities and prioritize remediation efforts based on criticality and business impact.
• Ensure compliance with security standards (e.g., OWASP Top 10, SANS CWE Top 25) and regulatory requirements.
• Prepare documentation and evidence for internal audits and external compliance assessments.

Research and Innovation:

• Stay informed about the latest cybersecurity threats, trends, and emerging technologies relevant to software application security.
• Evaluate new Application Security CI/CD tools, technologies, and techniques to improve the organization's security posture and stay ahead of potential threats.

Metrics, Reporting, and Continuous Improvement:

• Define and monitor key performance indicators (KPIs) related to the effectiveness of security scanning tools and the remediation process.
• Create dashboards and detailed reports to communicate security findings, risk metrics, and remediation progress to stakeholders.
• Continuously improve the security scanning program by staying current on emerging threats, new vulnerabilities, and the latest security tools.

Qualifications:

• 7+ years of experience in cybersecurity with a focus on application security, vulnerability management, and cloud application security.
• Proven experience in deploying, managing, and optimizing application security scanning tools, such as Invicti, Checkmarx, Veracode, or others.
• Experience in cloud platforms (AWS, Azure, GCP) with a track record of implementing security policies and validating secure coding practices within cloud-native applications.
• Familiarity with secure code review techniques, both automated and manual, and the ability to identify, evaluate, and address security vulnerabilities across various coding languages (e.g., Java, Python, JavaScript, .NET, etc.).

Preferred Qualifications

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field. Advanced degrees are preferred.

Soft Skills:

• Demonstrated ability to lead and mentor technical teams, fostering a collaborative and knowledge-sharing environment.
• Excellent problem-solving and analytical skills, with a proactive approach to identifying and addressing security risks.
• Strong written and verbal communication skills, with the ability to communicate complex security findings to non-technical stakeholders and collaborate effectively across teams.

Managerial Responsibilities:
This position may also have responsibilities for managing associates. At Bank of America, all managers at this level demonstrate the following responsibilities, in addition to those specific to the role, listed above.

• Diversity & Inclusion Champion: Models an inclusive environment for employees and clients, aligned to company D&I goals.
• Manager of Process & Data: Demonstrates deep process knowledge, operational excellence and innovation through a focus on simplicity, data based decision making and continuous improvement.
• Enterprise Advocate & Communicator: Communicates enterprise decisions, purpose, and results, and connects to team strategy, priorities and contributions.
• Risk Manager: Ensures proper risk discipline, controls and culture are in place to identify, escalate and debate issues.
• People Manager & Coach: Provides inspection, coaching and feedback to motivate, differentiate and improve performance.
• Financial Steward: Actively manages expenses and budgets in alignment with objectives, making sound financial decisions.
• Enterprise Talent Leader: Assesses talent and builds bench strength for roles across the organization.
• Driver of Business Outcomes: Delivers results by effectively prioritizing, inspecting and appropriately delegating team work.

Skills:

• Influence
• Risk Management
• Solution Design
• Stakeholder Management
• Technical Strategy Development
• Analytical Thinking
• Application Development
• Collaboration
• Result Orientation
• Solution Delivery Process
• Agile Practices
• Architecture
• Automation
• Data Management
• DevOps Practices

Shift:

Hours Per Week: