Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

The Network Services organization is seeking a talented Cyber Security Engineer to join the External Networks – Product Governance and Compliance team. This position will provide technical consulting in the delivery of multiple functions for the Threat Prevention and Perimeter Security domains within the External Networks organization of Bank of America. These functions include supporting new Proxy and Threat Prevention infrastructure deployments, solution integration with network and monitoring processes, supporting internal consulting and request fulfillment services, engineering for complex infrastructure and configuration changes, and supporting operations teams as an escalation point. Additionally, overseeing compliance related programs including our proxy rule review and remediation, configuration management, and certificate management processes to ensure adherence to engineering and information security baselines.

Key Responsibilities

• Support the planning, design, deployment and testing of Proxy and Threat Prevention infrastructure solutions and complex configuration changes on network proxies, content inspection, malware detection and SSL decryption solutions.
• Collaborate with enterprise architecture, release and deployment, and operations teams through the lifecycle of the Bank’s cyber security solutions including the design, implementation, testing, tools integration and transition to operations teams.
• Support compliance functions including the proxy rule review and remediation program, configuration management program, certificate management program and in partnership with the risk teams, lines-of-business, and operations teams.
• Provide level 3 technical support as an escalation point to our front-line network operations and security operations teams. Will be part of a weekly on-call rotation with the rest of the Security Sustained Engineering team.
• Provide technical consulting on proxy and firewall solutions to support application teams and operations teams for new application deployments and changes.
• Design change implementation plans and technical work instructions for downstream deployment teams following best practices, engineering standards and security principles.
• Lead the resolution of complex technical problems and incidents through methodical analysis and evaluation of various technical factors and criteria.
• Lead strategic projects and initiatives providing technical direction and expertise and owning various deliverables throughout the project lifecycle.
• Review capacity and performance metrics to ensure adequate health and performance of network solutions.

Required Skills:

• At a minimum 5 years of experience in network security or cyber security engineering or equivalent technical experience.
• Strong subject matter expertise in at least one of the following technologies and respective management systems (in order of desirability):
  • Skyhigh / McAfee Web Gateway proxies
  • Broadcom / Bluecoat web proxies
  • F5 LTM/GTM and SSL Orchestrator
  • Skyhigh FireEye Malware detection (NX/VX/CM platforms)
  • VMWare NSX Defender (formerly Lastline)
  • Firewalls (Fortinet or Checkpoint platforms)
• Must have extensive knowledge on fundamental networking concepts and protocols including TCP/IP, HTTP/HTTPS, SSL, DNS, DHCP, basic routing/switching, load balancing (LTM/GTM), SOCKS, 802.1X, AD, authentication protocols such as LDAP, NTLM or Kerberos, etc.
• Understanding of cryptography concepts, SSL certificates, SSL decryption/inspection, HSM/HSMaaS.
• Understanding of network authentication protocols including Kerberos, NTLM, LDAP, Basic authentication.
• Proven hands-on troubleshooting skills, network-based forensics, and proficient with log analysis and packet captures.
• Experience with network management and monitoring tools including but not limited to Splunk, HP NNMi, IBM Watson, HPNA, or similar tools.

Desired Skills:

• B.S. in Computer Science, Information Technology, Systems Engineering or equivalent degree is preferred.
• Technical leadership, management, project management or release management experience is a plus.
• Experience in automation and scripting is a big plus (Python, Java, etc.)
• Professional level certifications in networking or network security technologies is a plus (i.e. CCIE, CCNP, Security+, CCSP, CISSP, or similar)
• ITIL certification or background on service management concepts (Request, Change, Incident, Problem)

Shift:

1st shift (United States of America)

Hours Per Week:

40