1+ months

Developer /Application Security Platform Engineer

Chicago, IL 60664
**Job Description:**



Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our team.



The Cyber Security Technology (CST) function within Global Information Security is responsible for innovation and architecture, engineering, solutions and capabilities development, deployment maintenance and support of information technology security controls. The CST team is also responsible for the management of the program/project management teams.



This role is for an individual contributor to backfill an engineering position in the Developer Security Platform team. The team provides SAST, DAST and IAST solutions to enterprise security control groups and the developer community enterprise wide.



The immediate responsibility of the successful candidate will be to join the team in migrating the enterprise SAST solution from a custom SaaS offering built around Fortify SCA to Checkmarx CxSAST. Participation in other projects underway or planned could include implementation of a new software composition analysis (SCA) product; implementing automated IAST capability in QA; re-designing self-service DAST offerings. Future proof of concept evaluation on new products which could become projects, in partnership with R&D, should also be expected.



Team members manage the deployed products from a traditional application support standpoint, through established processes for performance monitoring, capacity utilization, exception analysis and similar tasks. Operation of the tools is performed by separate teams. Live support is provided to operations teams using the products to assess applications and also enterprise developers seeking to automate and integrate the products into their SDLC.



**Job Preparation**



There are two demonstrated success paths to this role:



Application Developer



This person is a top performer in an enterprise application development role. They have some professional exposure to application security and/or have taken demonstrable steps to move into an application security role. Exposure can be in the form of exercising application security products or remediating results from a central security groups assessment of their application. Candidates will have current practitioner level skills in enterprise level SDLC tools and processes.



Application Security Engineer



This person has dedicated security experience, either imbedded in an application development organization or central security group. They have been directly responsible for working with developers to remediate code vulnerabilities from SAST, DAST and/or IAST results. Candidates will have team experience in selecting, implementing and managing application security tools on an enterprise scale.



**Required Skills:**



+ .NET or Java Web Application development on an enterprise scale

+ Code review practice, functional and quality focus

+ Technical leadership in design, development and/or support

+ Application/product management experience

+ Software testing, QA or security leadership

+ Utilization of APIs such as RESTful Services

+ Scripting ability in Python or similar language

+ Committed interest to AppSec



**Desired Skills:**



+ Vulnerability rating and analysis (CVE, CVSS, CWE ratings) utilization

+ Proficiency with a static analyzer such as Checkmarx, Fortify SCA or Coverity

+ Understanding of application security vulnerabilities and preventions

+ CISSP, GISSP or other relevant secure coding certification(s)

+ iOS or Android Mobile application development for consumer applications

+ Technical specification development, both internally and for vendor software

+ Threat modeling of application architecture

+ Business experience in and/or supporting the financial sector

+ Security vulnerability assessment techniques during design, development and testing

+ Operation of enterprise policy and standards for technologies and development

+ Engagement of key stakeholders, both technical and senior leadership



**Preferred Experience Level:**



+ 5 plus years of experience with public internet web and/or consumer mobile development

+ 2 years of experience involved in testing, QA or security related activities (can be concurrent)

+ Bachelors Degree in Computer Science, Engineering or equivalent experience



We are a team of great application security engineers who work as a team to architect, design, build and deliver secure security solutions at scale.If this sounds like you then please, lets talk.



**Enterprise Role Overview:**



Key individual contributor, with accountability for researching, designing, engineering, implementing, and supporting information security & directory technology systems (software & hardware). Utilizes in-depth technical knowledge and business requirements to design & implement secure solutions to meet customer / client needs while protecting the Bank's assets. Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse environment (e.g. client server, distributed, mainframe, etc.). Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.



**Posting Date** : 07/16/2019



**Location** :

Chicago, IL, 135 S LA SALLE ST (IL4135),

Addison, TX, 16001 N Dallas Pkwy (TX8044),

- United States



**Travel** : Yes, 5% of the time



**Full / Part-time** : Full time



**Hours Per Week** : 40



**Shift** : 1st shift



**Assistance for Applicants with Disabilities**



Bank of America is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please visit the Applicants with Disabilities page at http://careers.bankofamerica.com/us/applicants-with-disabilities .



**Diversity & Inclusion**



At Bank of America, our commitment to diversity and inclusion is helping us to create not only a great place to work, but also an environment where our employees, our customers and our communities around the world can reach their goals and connect with each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.



**Frequently Asked Questions**



Need to know how to apply online, view a list of your submitted job applications or reset your password? Visit our FAQ at http://careers.bankofamerica.com/us/faq section for answers to these questions and more.

Industry

  • Banking / Finance
Posted: 2019-06-14 Expires: 2019-09-28

Success begins with building relationships.

At Bank of America, our customers are at the center of everything we do. Our focus is on helping each one find the right financial solutions. With a wide range of career opportunities available, we invite you to realize your career goals with us while assisting customers with what matters most to them.

Welcome to Careers at Bank of America.


Sponsored by:
Farm Credit Services of America Logo
Sponsored by:
Bank of America Logo

Featured Jobs[ View All ]

Featured Employers

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Developer /Application Security Platform Engineer

Bank of America
Chicago, IL 60664

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast