Senior Vulnerability Platform Development Manager

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Job Description:
This job is responsible for building and leading a team to deliver technology products and services that meet business outcomes. Key responsibilities include developing a technology strategy, ensuring technology solutions comply with applicable standards, promoting design, engineering, and organizational practices, and advocating and advancing modern, Agile solution delivery practices. Job expectations may include coaching, mentoring, providing feedback and hands on career development, identifying emerging talent, fostering leadership skills, and managing stakeholders.

Position Summary

We are looking for an experienced and dedicated Senior Vulnerability Platform Development Manager to lead our continuous monitoring and vulnerability management initiatives. The successful candidate will oversee the discovery, assessment, prioritization, and remediation of vulnerabilities across our IT infrastructure. This role requires a deep understanding of tools that support vulnerability management (ServiceNow, ect…) , and security best practices to protect our organization’s assets and ensure compliance with industry standards.

As the Sr Manager over our Vulnerability Continuous Monitoring program, you will lead multiple teams in the design, development, test, and delivery of innovative products to identify and reduce security vulnerabilities for our company.  The Manger will contribute to our mission of safeguarding our valuable assets and data from evolving cyber threats. The leader of this dynamic team and make a significant impact on our organization's security posture and lead us through our next generation Continuous Monitoring program. This role is highly visible to senior leadership, auditors, and regulators.

The successful candidate will have demonstrated success in building software products, managing engineering teams, coordinating large-scale projects, effectively communicating with executive and technical audiences, and moving quickly to achieve outcomes. This is a technology leadership role requiring software engineering experience to excel but not focused on personal delivery of code.

Key Responsibilities:

 Leadership and Team Management

• Lead, mentor, and manage a team of Continuous Monitoring developers focused on security operations, vulnerability discovery, and remediation.
• Collaborate with security, IT, and business stakeholders to align vulnerability management efforts with organizational goals and priorities.
• Drive the development and enhancement of Continuous Monitoring modules and integrations related to continuous monitoring and vulnerability management.

Cross Team Leadership

• Works across business and technology at the -executive level to provide vulnerability management solutions that minimize the attack surface and protect the company from cyber-threats.
• Manages relationships with business, technology executives, sponsors, and vendors to identify and address vulnerabilities and respond to cyber security attacks.
• Helps to resolve organizational impediments by sponsoring opportunities that improve processes, while identifying new opportunities to enhance efficiency and gain a competitive advantage.
• Conducts portfolio level resourcing and financial management activities.

Vulnerability Discovery and Asset Prioritization

• Oversee the integration of vulnerability discovery tools (e.g., Qualys, Aqua, SkyBox) with Continuous Monitoring tool (ServiceNow, ect…) to automate the detection of vulnerabilities across systems, applications, and networks.
• Establish and maintain a process for asset prioritization, ensuring that the most critical assets are identified and monitored continuously.
• Develop and implement workflows in Continuous Monitoring to categorize and prioritize discovered vulnerabilities based on asset criticality, risk, and impact.

Vulnerability Assessment and Prioritization

• Manage the assessment of vulnerabilities, ensuring that they are accurately classified and prioritized for remediation based on severity and potential impact.
• Develop and maintain dashboards and reports within Continuous Monitoring to provide real-time visibility into the organization’s vulnerability landscape.
• Implement risk-based prioritization frameworks to guide remediation efforts, focusing on vulnerabilities that pose the greatest risk to the organization

Vulnerability Remediation and Reporting

• Coordinate with IT and security teams to ensure timely remediation of vulnerabilities, using workflows to track progress and resolution.
• Ensure that remediation actions are documented and comply with internal policies and regulatory requirements.
• Generate comprehensive reports for stakeholders, detailing vulnerability status, remediation progress, and risk reduction efforts.

Continuous Monitoring and Process Improvement

• Implement continuous monitoring processes within Continuous Monitoring to detect and respond to emerging vulnerabilities in real time.
• Identify opportunities for improving vulnerability management processes, including automation, reporting, and integration with other security tools.
• Stay informed on the latest vulnerabilities, threats, and industry trends to proactively adapt the organization’s security posture.

Compliance and Risk Management

• Ensure that all vulnerability management activities comply with relevant security standards, regulations, and industry best practices.
• Support audit and compliance efforts by providing accurate and timely information on vulnerability management activities and remediation efforts.
• Manage risk by developing and implementing strategies to mitigate vulnerabilities before they can be exploited.

Research and Innovation:

• Stay informed about the latest cybersecurity threats, trends, and emerging technologies relevant to vulnerability development and security operations.
• Evaluate new Continuous Monitoring tools, technologies, and techniques to improve the organization's security posture and stay ahead of potential threats.

Qualifications:

• Proven experience as a Enterprise Vulnerability Monitoring Developer, with a focus on security operations and vulnerability management.
• Bachelor's or Master's degree in Computer Science, Information Security, or a related field or equivalent experience.
• Proven experience in Continuous Monitoring (ServiceNow, ect…) development and security operations, with a successful track record of leading Continuous Monitoring projects from conception to implementation.
• In-depth knowledge of vulnerability discovery tools (e.g., Qualys, Aqua, SkyBox) and their integration with a Vulnerability Monitoring Platform.
• Proficiency in scripting and development within industry related vulnerability management platforms (e.g., JavaScript, GlideScript) to customize and optimize workflows.
• Strong leadership abilities, with experience in managing technical teams and driving successful outcomes.
• Excellent problem-solving skills, analytical mindset, and a proactive approach to addressing security challenges.

Preferred Qualifications

• Experience in cybersecurity, vulnerability management, and security operations within large enterprises.
• Familiarity with ITIL practices and certification.
• Knowledge of regulatory requirements and compliance related to cybersecurity and vulnerability management.
• Experience in managing security projects and driving process improvements.

Skills:

• Influence
• Risk Management
• Solution Design
• Stakeholder Management
• Technical Strategy Development
• Analytical Thinking
• Application Development
• Collaboration
• Result Orientation
• Solution Delivery Process
• Agile Practices
• Architecture
• Automation
• Data Management
• DevOps Practices

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Pay Transparency details

US - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842)

Pay and benefits information

Pay range

$134,900.00 - $217,000.00 annualized salary, offers to be determined based on experience, education and skill set.

Discretionary incentive eligible

This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.

Benefits

This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.