Bank of America Mobile Security Engineer in Chicago, Illinois
Mobile Security Engineer is a key individual contributor who reports to the Senior Mobile Security Engineer/Architect lead on the GIS Cybersecurity Technology team. The Mobile Security Engineers are responsible for mobile security across broad portfolio of systems which include large scale employee mobile and consumer facing mobile apps, assessment and introduction of new, emerging mobile technologies. Mobile Security Engineers are responsible for architecture, engineering and design of mobile security solutions/systems, with accountability for research, design, engineering, implementation, and support of a broad spectrum of mobile security initiatives which include both software and hardware.
This role will include analysis of mobile apps, mobile vulnerabilities, mobile frameworks, mobile device/app management, mobile development solutions, and assessment of risks introduced by mobility; working knowledge of mobile based operating systems are required E.g. iOS and Android. Some key areas of focus: Vulnerability analysis, MTD, MARS, EA/DMZ request, Threat Models/Rapid Threat Assessments, MDM/MAM configuration, Test.
The ideal candidate will possess expertise in several of the following areas:
Mobile App Development
Mobile Device Management/MDM and OS patching
Mobile App Management/MAM and app updates/patching
Mobile App Containerization and Wrapper Technologies
Mobile Operating Systems and Platforms
Mobile Testing, Quality Assurance and Security Verification
Mobile App Signing and Certificate Governance
Mobile Authentication (FIDO, OAuth, etc.)
Mobile Code Protection, Obfuscation and Tamper Resistance
Mobile Threat Modeling
Mobile Vulnerabilities (CVE, CVSS, CWE ratings, etc.)
Required Skills and Responsibilities:
Mobile specific technical skills
Mobile app software development experience including app signing across platforms preferable
Mobile app software delivery experience preferable
Familiarity with mobile security vulnerability assessment techniques during design, development and testing
Familiarity with mobile platform attack and defense techniques
Familiarity with MDM, MAM
Experience with iOS and Android platforms
Experience with Swift, Objective-C and Java for mobile development
Experience with mobile security testing and QA
Experience conducting mobile security reviews preferable
Knowledge of mobile app penetration/testing
Contribute to the continued development of mobile ecosystem governance for internal MARS (mobile app registry system) system and ensuring bank apps adhere to bank policies, standards and guidelines
Collaborate with architecture, BISO, LOB and enterprise teams regarding mobile device and app management implementations and deployments; mobile app and certificate signing processes and related policies
Partner to create threat models and rapid threat assessments supporting enterprise systems (MAM, MDM) and bank mobile apps, threat models will enumerate threats by attack surface, and identify countermeasure options `
Collaborate with internal GIS and enterprise teams to use tools within the SDLC relevant to strengthening mobile security including partnering with mobile developer/solutions architect support; promote use of threat modeling, reference design patterns, source code analysis, mobile ethical hacks, brand identity, vulnerability detection.
Partner to identify and implement defensive controls for bank mobile devices, and aid in implementing methods and processes for production deployment E.g. Mobile Threat Defense [Lookout, Skycure, Zimperium, etc] in partnership with CSD and CTO/FC teams
Build and execute on a hardening checklist for different platforms – iOS, Android, Blackberry. Define security design patterns for Strong Authentication, Encryption, and Integrity, further refine Mobile Security Playbook, Mobile Security Capabilities Catalog and wiki.
Pro-actively engage stakeholders, including development managers, developers, architects, and governance bodies in the Bank to achieve security objectives
Deliver multiple technology projects across multiple teams
Regularly interact with senior technology and business management, requiring the ability to explain complex technical matters in a way both technical and non-technical personnel can understand
Collaboratively develop technical architectures, processes and procedures pursuant to mobile application security objectives together with business and technical partners
Develop policies, processes and procedures to advance mobile ecosystem governance security objectives for adoption throughout the Bank
Contribute to and interpret enterprise policies, standards, and baselines and mentor personnel with less experience or knowledge of the same
Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action.
Required Experience Level:
5-10 years of experience with mobile or information security, working with mobile app dev teams and / or software development, at least 2 years of experience focused on mobile security
Bachelor’s Degree in Computer Science, Engineering or equivalent or higher in CS, IT, a related technical or engineering field.
CISSP or similar professional certification, or commensurate experience
Experience with Threat Modeling
Experience working in the financial sector
Demonstrated understanding of security vulnerabilities, attacks and ability to apply/implement appropriate controls or find new ones based on new technology being developed.
You are enthusiastic and committed to your work. You do this because you love it.
We are building a team of great Mobile Security Engineering resources who will work together to architect, design, build and deliver secure mobile solutions at scale. If this sounds like you then please get in touch.
Posting Date : 07/20/2018
Chicago, IL, 135 S LA SALLE ST (IL4135),
Charlotte, NC, 201 N TRYON ST (NC1022),
- United States
Travel : No
Full / Part-time : Full time
Hours Per Week : 40
Shift : 1st shift
Assistance for Applicants with Disabilities
Bank of America is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please visit the Applicants with Disabilities page at http://careers.bankofamerica.com/us/applicants-with-disabilities .
Diversity & Inclusion
At Bank of America, our commitment to diversity and inclusion is helping us to create not only a great place to work, but also an environment where our employees, our customers and our communities around the world can reach their goals and connect with each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Frequently Asked Questions
Need to know how to apply online, view a list of your submitted job applications or reset your password? Visit our FAQ at http://careers.bankofamerica.com/us/faq section for answers to these questions and more.