Cloud & Mobile Malware Control Owner

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
 

Job Description:
This job is responsible for leading evaluations of cyber security threats and enhancing defensive capabilities to reduce the bank's risk of exposure. Key responsibilities include conducting analyses of the threat environment and threats to the bank, including post incident analysis, applying a multi-faceted situational awareness of cyber security process to protect against threats, and implementing proactive defensive actions for the security, continuity, and confidentiality of information.

Seeking a highly skilled and motivated cybersecurity professional to serve as the Cloud & Mobile Malware Control Owner within the Global Malware Defense team. This role is critical to advancing the enterprise’s malware prevention and detection capabilities across cloud and mobile platforms. As the Cloud & Mobile Malware Control Owner, you will lead efforts to assess, enhance, and govern malware controls specific to cloud services (AWS, Azure, GCP) and mobile technologies, ensuring alignment with enterprise security standards and threat management strategies.

Key Responsibilities
•    Control Ownership & Governance:
•    Own and manage malware controls related to cloud and mobile platforms. Ensure controls are effective, measurable, and aligned with enterprise risk tolerance.
•    Threat Management & Response:
•    Collaborate with incident response teams to triage and respond to malware threats targeting cloud and mobile environments. Support post-incident reviews and drive improvements.
•    Technology Risk Oversight:
•    Identify and assess risks associated with cloud and mobile malware threats. Partner with risk and oversight teams to implement mitigation strategies.
•    Operational Integration:
•    Work across operational teams to integrate malware controls into existing workflows and technologies. Ensure seamless execution and reporting of control effectiveness.
•    Metrics & Reporting:
•    Develop and maintain operational metrics and dashboards to track control performance. Provide regular updates to leadership and stakeholders.
•    Collaboration & Communication:
•    Engage with cross-functional teams including GIS, cloud engineering, mobile development, and enterprise risk. Communicate technical findings and strategic recommendations clearly to both technical and non-technical audiences.
•    Continuous Improvement:
•    Stay current with emerging malware tactics targeting cloud and mobile platforms. Lead initiatives to enhance detection, prevention, and response capabilities.

Minimum 5 Years of Experience

Required Qualifications
•    5+ years of experience in malware analysis and incident response, with a focus on cloud and/or mobile platforms.
•    Strong understanding of cloud service provider security models (AWS, Azure, GCP).
•    Experience with mobile malware analysis (Android/iOS), including static and dynamic techniques.
•    Familiarity with cloud-native security tools and mobile threat defense platforms.
•    Ability to assess malware threats and extract Indicators of Compromise (IoCs).
•    Strong documentation and reporting skills.
•    Experience working in large enterprise environments with cross-functional teams.

Desired Qualifications
•    Experience with sandbox technologies and virtualized analysis environments.
•    Knowledge of mobile app reverse engineering tools (e.g., JADX, Frida, MobSF).
•    Familiarity with cloud logging and monitoring tools (e.g., CloudTrail, Azure Monitor).
•    Experience with SIEM platforms and event correlation.
•    Knowledge of forensic artifacts in cloud and mobile environments.
•    Experience with mobile security products like Lookout, CrowdStrike Mobile
•    Experience with Microsoft Defender, Microsoft Sentinel, AWS Guard Duty, Google Cloud Security Center)

Certifications (Desired but not Required)
•    CCSP, CCSK, GPCS, GMOB, GCIH, GREM, GCFA, GCFE, CISSP, or equivalent certifications.
 

Skills:

• Cyber Security

• Data Privacy and Protection

• Problem Solving

• Process Management

• Threat Analysis

• Access and Identity Management

• Business Acumen

• Interpret Relevant Laws, Rules, and Regulations

• Risk Analytics

• Stakeholder Management

• Data Governance

• Data and Trend Analysis

• Incident Management

• Information Systems Management

• Technology System Assessment

Shift:

Hours Per Week: