CybersecurityJobs.io
← Back to all jobs

Job Description

Bank of America seeks an experienced Application Security Solution Architect to join its Global Information Security team in a Denver, Colorado onsite setting. The role focuses on shaping secure software across the development lifecycle, aligning security requirements with business needs, and advancing secure-by-design practices.

Responsibilities

  • Analyze, design, implement, and deliver secure application security solutions throughout the development lifecycle.
  • Create and reuse secure design patterns to optimize application security while meeting business requirements.
  • Oversee the end-to-end delivery of solution designs, capturing security requirements, assessing risks and opportunities, and aligning with the application security policy.
  • Collaborate with lines of business as well as other security and IT support functions to achieve security goals.
  • Serve as a technical security design resource across the Software Development Lifecycle.
  • Maintain a thought leadership posture in application security technology and stay current with offerings from service providers.
  • Maintain comprehensive product design documentation and assume ownership of the solution architecture for application security platforms and components.
  • Provide expert guidance on application security design decisions, standards, and operational practices.
  • Act as an active member of the Secure by Design Center of Excellence to define and govern best practices in software development platforms engineering, operations, design patterns, and governance.
  • Drive architecture review discussions by producing platform architecture artifacts and influencing architectural decisions.
  • Maintain blueprints, portfolio-level designs, and reference architectures for application security products.
  • Advise teams handling high complexity on security platforms and escalate risks and issues as appropriate.
  • Communicate problems, risks, and challenges to stakeholders across engineering, operations, developers, information security, and senior leadership.

Requirements

  • Knowledge of application security laws, rules, regulations, and guidelines relevant to the financial services sector, including OWASP, NIST, ISO/EC, CIS, SOX, OCC, PCI, DGPR, FISMA, and FFIEC.
  • CISSP certification is advantageous.
  • Understanding of application security and penetration testing methodologies, techniques, and technologies.
  • Familiarity with software development lifecycle tools and methodologies that support automated security compliance integration within various pipelines is an advantage.
  • 5+ years of hands-on experience in application security within a large and complex organization.
  • Security knowledge spanning core technology infrastructure, cloud technologies, and application security practices.
  • Experience with development tools, SAST, DAST, Bill of Materials, Penetration Testing, Threat Modeling, common development pipelines, and cloud or on-premise designs and architectures.
  • Ability to articulate data-driven plans and partner with stakeholders to implement solutions that reduce risk and ensure Secure by Design.
  • Strong attention to detail and advanced analytical capabilities.
  • Excellent communication and presentation skills, with strong organizational abilities to manage multiple tasks.
  • Hands-on involvement in large and complex projects.
  • Proficiency in data management and metadata handling to support analytics and decision making.

Technologies

  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Penetration Testing
  • Threat Modeling

Job Description

The successful candidate will analyze and design secure application security solutions, develop secure patterns aligned with business needs, and oversee delivery with a focus on security requirements and policy compliance. They will work across business lines and IT functions as a technical security design resource during the Software Development Lifecycle, maintaining up-to-date knowledge of security technology and provider offerings. The role includes maintaining product design documentation and the architecture for application security platforms, delivering expert guidance on standards and operational practices, and contributing to the Secure by Design Center of Excellence. The individual will produce platform architecture artifacts, manage portfolio-level designs and reference architectures, and provide guidance to highly complex teams while escalating risks when necessary. Communication with engineering, operations, developers, information security, and leadership is a key component of this position.

Skills

  • Analytical Thinking
  • Architecture
  • Result Orientation
  • Solution Design
  • Technical Strategy Development
  • Application Development
  • Collaboration
  • Data Management
  • DevOps Practices
  • Risk Management
  • Agile Practices
  • Automation
  • Influence
  • Solution Delivery Process
  • Test Engineering

Shift

1st shift (United States of America)

Hours per Week

40

Similar Jobs