Bank of America Mobile Security Engineer in Chicago, Illinois

Job Description:

Mobile Security Engineer is a key individual contributor who reports to the Senior Mobile Security Engineer/Architect lead on the GIS Cybersecurity Technology team. The Mobile Security Engineers are responsible for mobile security across broad portfolio of systems which include large scale employee mobile and consumer facing mobile apps, assessment and introduction of new, emerging mobile technologies. Mobile Security Engineers are responsible for architecture, engineering and design of mobile security solutions/systems, with accountability for research, design, engineering, implementation, and support of a broad spectrum of mobile security initiatives which include both software and hardware.

This role will include analysis of mobile apps, mobile vulnerabilities, mobile frameworks, mobile device/app management, mobile development solutions, and assessment of risks introduced by mobility; working knowledge of mobile based operating systems are required E.g. iOS and Android. Some key areas of focus: Vulnerability analysis, MTD, MARS, EA/DMZ request, Threat Models/Rapid Threat Assessments, MDM/MAM configuration, Test.

The ideal candidate will possess expertise in several of the following areas:

  • Mobile App Development

  • Mobile Device Management/MDM and OS patching

  • Mobile App Management/MAM and app updates/patching

  • Mobile App Containerization and Wrapper Technologies

  • Mobile Operating Systems and Platforms

  • Mobile Testing, Quality Assurance and Security Verification

  • Mobile App Signing and Certificate Governance

  • Mobile Authentication (FIDO, OAuth, etc.)

  • Mobile Code Protection, Obfuscation and Tamper Resistance

  • RESTful Services

  • Mobile Threat Modeling

  • Mobile Vulnerabilities (CVE, CVSS, CWE ratings, etc.)

Required Skills and Responsibilities:

  • Mobile specific technical skills

  • Mobile app software development experience including app signing across platforms preferable

  • Mobile app software delivery experience preferable

  • Familiarity with mobile security vulnerability assessment techniques during design, development and testing

  • Familiarity with mobile platform attack and defense techniques

  • Familiarity with MDM, MAM

  • Experience with iOS and Android platforms

  • Experience with Swift, Objective-C and Java for mobile development

  • Experience with mobile security testing and QA

  • Experience conducting mobile security reviews preferable

  • Knowledge of mobile app penetration/testing

  • Contribute to the continued development of mobile ecosystem governance for internal MARS (mobile app registry system) system and ensuring bank apps adhere to bank policies, standards and guidelines

  • Collaborate with architecture, BISO, LOB and enterprise teams regarding mobile device and app management implementations and deployments; mobile app and certificate signing processes and related policies

  • Partner to create threat models and rapid threat assessments supporting enterprise systems (MAM, MDM) and bank mobile apps, threat models will enumerate threats by attack surface, and identify countermeasure options `

  • Collaborate with internal GIS and enterprise teams to use tools within the SDLC relevant to strengthening mobile security including partnering with mobile developer/solutions architect support; promote use of threat modeling, reference design patterns, source code analysis, mobile ethical hacks, brand identity, vulnerability detection.

  • Partner to identify and implement defensive controls for bank mobile devices, and aid in implementing methods and processes for production deployment E.g. Mobile Threat Defense [Lookout, Skycure, Zimperium, etc] in partnership with CSD and CTO/FC teams

  • Build and execute on a hardening checklist for different platforms – iOS, Android, Blackberry. Define security design patterns for Strong Authentication, Encryption, and Integrity, further refine Mobile Security Playbook, Mobile Security Capabilities Catalog and wiki.

  • Pro-actively engage stakeholders, including development managers, developers, architects, and governance bodies in the Bank to achieve security objectives

  • Deliver multiple technology projects across multiple teams

  • Regularly interact with senior technology and business management, requiring the ability to explain complex technical matters in a way both technical and non-technical personnel can understand

  • Collaboratively develop technical architectures, processes and procedures pursuant to mobile application security objectives together with business and technical partners

  • Develop policies, processes and procedures to advance mobile ecosystem governance security objectives for adoption throughout the Bank

  • Contribute to and interpret enterprise policies, standards, and baselines and mentor personnel with less experience or knowledge of the same

  • Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action.

Required Experience Level:

  • 5-10 years of experience with mobile or information security, working with mobile app dev teams and / or software development, at least 2 years of experience focused on mobile security

  • Bachelor’s Degree in Computer Science, Engineering or equivalent or higher in CS, IT, a related technical or engineering field.

  • CISSP or similar professional certification, or commensurate experience

Desired Skills:

  • Experience with Threat Modeling

  • Experience working in the financial sector

  • Demonstrated understanding of security vulnerabilities, attacks and ability to apply/implement appropriate controls or find new ones based on new technology being developed.

  • You are enthusiastic and committed to your work. You do this because you love it.

We are building a team of great Mobile Security Engineering resources who will work together to architect, design, build and deliver secure mobile solutions at scale. If this sounds like you then please get in touch.

Posting Date : 07/20/2018

Location :

Chicago, IL, 135 S LA SALLE ST (IL4135),

Charlotte, NC, 201 N TRYON ST (NC1022),

  • United States

Travel : No

Full / Part-time : Full time

Hours Per Week : 40

Shift : 1st shift

Assistance for Applicants with Disabilities

Bank of America is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please visit the Applicants with Disabilities page at http://careers.bankofamerica.com/us/applicants-with-disabilities .

Diversity & Inclusion

At Bank of America, our commitment to diversity and inclusion is helping us to create not only a great place to work, but also an environment where our employees, our customers and our communities around the world can reach their goals and connect with each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Frequently Asked Questions

Need to know how to apply online, view a list of your submitted job applications or reset your password? Visit our FAQ at http://careers.bankofamerica.com/us/faq section for answers to these questions and more.