Cyber Security Technology (CST) Operations End of Life (EOL) Management

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
 

Bank of America is seeking a highly motivated and experienced Risk Lead to join our CST Operations team, with a dedicated focus on identifying, managing, and remediating End of Life (EOL) technologies across development and production environments. This role is critical to reducing operational and security risk across our technology estate. You will partner closely with engineering teams, application owners, and governance groups to proactively uncover EOL items, coordinate remediation pathways, and drive sustainable lifecycle management practices. The ideal candidate brings strong infrastructure expertise, a risk focused mindset, and the ability to operate independently in a complex enterprise environment.

Key Responsibilities
•    Lead identification, assessment, and tracking of EOL/EoS (End of Life / End of Support) operating systems, middleware, databases, and software components across CST supported environments.
•    Partner with application and engineering teams to develop remediation plans, migration strategies, and risk reduction roadmaps.
•    Perform deep dive analysis of affected systems to determine business impact, technical dependencies, and remediation feasibility.
•    Support infrastructure planning and environment design to minimize future EOL exposure.
•    Conduct research and implement engineering solutions to replace, upgrade, or mitigate EOL technologies.
•    Collect technical information to evaluate existing or proposed systems and recommend lifecycle aligned alternatives.
•    Troubleshoot complex issues related to infrastructure, system performance, and integration points during remediation activities.
•    Apply strong knowledge of network, platform, and security fundamentals to ensure compliant end state solutions.
•    Work within an Agile operational model to deliver engineering and risk remediation tasks efficiently.
•    Manage multiple concurrent remediation initiatives with attention to detail and accurate risk reporting.

Required Qualifications:
•    5–7+ years of experience supporting infrastructure in a large enterprise environment.
•    Strong background in handling Linux/Windows Systems, including troubleshooting and root cause analysis.
•    Demonstrated experience working with production engineering/operations teams.
•    Ability to identify and analyze EOL components across Linux, middleware, databases, and commercial/custom applications.
•    Familiarity with MS SQL and Oracle, including ability to run basic queries.
•    Strong understanding of Change and Incident Management processes.
•    Experience working within Agile teams and development support environments.
•    Proven ability to manage multiple competing projects and drive them to closure.
•    Highly detail oriented with strong analytical and documentation skills.
•    Ability to work independently and quickly learn new technologies.
•    Experience using monitoring tools to diagnose system behavior.
•    Excellent written and verbal communication skills with a strong collaboration mindset.
•    Strong written & verbal skills combined with a passion for collaboration and teamwork.

Desired Qualifications:
•    Experience with container platforms such as OpenShift or Docker.
•    Understanding of Windows Server and IIS based web applications.
•    Scripting and automation skills (Python, PowerShell, Perl, VBScript) within a DevOps environment.
•    Experience with server and application patching processes.
•    Understanding of networking protocols (HTTP, HTTPS, TCP, SMTP, SNMP, DNS).
•    Hands on experience with CI/CD and collaboration tools such as Jenkins, Ansible, Git, Subversion, JIRA, Confluence.
•    Familiarity with encryption technologies (HSM, OpenSSL).
•    Worked with teams handling highly available applications
•    Experience with centralized logging platforms such as Splunk.
•    Strong working knowledge of Continuous Monitoring and Vulnerability Management practices.
•    Experience developing or reviewing Enhanced Remediation Programs (ERPs) to support Exception Management processes.
•    Proven ability to assess, document, and validate risk compensating and mitigating controls in alignment with the GT Risk Framework.
•    Demonstrated experience partnering with vendors to drive timely remediation of identified vulnerabilities.
•    Experience collaborating with application managers to ensure vulnerabilities are remediated within established SLAs (e.g., P2: 60 days, P3: 100 days).
•    Provide escalation support to accountable teams, ensuring high risk vulnerabilities are prioritized and remediated within published SLAs.
•    Working knowledge of GIS Dashboard early warning reports and the ability to interpret and act on key insights.
•    Familiarity with Key Risk Review (KRR) routines, with the ability to drive continuous improvement and maintain green metrics.

Skills:

• Customer and Client Focus
• Interpret Relevant Laws, Rules, and Regulations
• Policies, Procedures, and Guidelines
• Problem Solving
• Quality Assurance
• Business Process Analysis
• Data Privacy and Protection
• Innovative Thinking
• Risk Analytics
• Stakeholder Management
• Business Acumen
• Business Continuity Management
• Data Governance
• External Resource Management
• Information Systems Management

Shift:

Hours Per Week: