Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being a diverse and inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Job Description:

Come join an exciting team within Global Information Security (GIS). Cyber Security Technology (CST) is a globally distributed team responsible for cyber security innovation, architecture, engineering, solutions and capabilities development, cyber resiliency, access management engineering, data strategy, deployment maintenance, technical project management and information technology security control support.

We are seeking a highly skilled and experienced Application Developer to build software solutions that provide compliance evidencing and effectiveness measurements for cloud security controls. This role requires hands-on experience with AWS/Azure and modern SDLC practices. You will partner with cross-functional teams to design, implement, and maintain robust security solutions that protect cloud infrastructure from emerging threats while meeting functional, non-functional, and regulatory requirements.

Key Responsibilities

• Design & Implementation: Design, develop, and integrate solutions to gather security control evidence across multiple cloud platforms (e.g., AWS or Azure) to ensure the security and compliance of cloud infrastructure and workloads.
• Controls Evidencing and Enforcement: Identify security controls applicable to CI/CD pipelines and runtime environments to prevent misconfigurations and enforce security best practices and standards.
• Software Engineering Delivery: Develop and deliver software solutions that meet functional, non-functional, and regulatory compliance requirements; write, test, debug, and maintain code primarily using Java and/or Python and related technologies.
• Vulnerability management: hands-on experience with SCA, SAST, DAST vulnerability identification and remediation.
• CI/CD & DevSecOps: Engage in continuous integration and deployment activities including automating build, test, and release pipelines; integrate security best practices into CI/CD processes and operational workflows.
• Quality & Reliability: Troubleshoot defects, perform root-cause analysis, ensure software quality through unit, integration, and regression testing; contribute to code reviews.
• Collaboration: Work closely with cross-functional teams to refine requirements and deliver secure, maintainable capabilities.
• Compliance & Governance: Demonstrate cloud environments comply with internal control requirements and regulatory obligations using robust reporting and dashboards.

Experience & Qualifications

• Cloud: Hands-on experience with AWS or Azure and software development life cycles (SDLCs). Deep knowledge of cloud platforms (AWS, Azure) and experience building and operating cloud-native services and business critical workloads.
• Programming: Strong hands-on experience with Python, Java, or other object-oriented programming (OOP) languages; ability to write clean, testable, maintainable code.
• DevSecOps / CI/CD: Strong understanding of DevSecOps principles; hands-on experience with CI/CD pipelines and related tooling and automating build/test/release workflows.
• Infrastructure as Code (IaC): Hands-on experience with Terraform, or CloudFormation
• Containers: Experience with Docker and orchestration tools such as Kubernetes.
• Databases: Solid knowledge of relational databases (Oracle, MySQL, PostgreSQL) and NoSQL; ability to write complex SQL queries and perform thorough data validations.
• APIs & Systems Integration: Experience building and integrating with REST APIs and system interfaces, with emphasis on maintainability, availability, reliability, performance, and security.

Preferred Technical Skills

• Cybersecurity: Significant experience in cybersecurity across multiple domains, with a strong focus on cloud security and integrating controls as code. Experienced in secure coding practices, authentication protocols, cryptography basics, identity and access management, and familiarity with security testing and vulnerability assessment.
• AI/ML: hands-on experience with agent-first development.

Soft Skills

• Self-Starter: Takes initiative without needing constant direction; independently drives tasks and projects forward.
• Proactive: Anticipates challenges and opportunities, addresses issues before they escalate, and actively seeks improvements.
• Intellectual / Analytical: Demonstrates strong analytical and problem-solving abilities; quickly grasp of complex concepts and technologies.
• Deliver Fast: Focused on timely delivery while maintaining quality; able to work efficiently under deadlines.
• Eager to Learn: Continuously develops skills to stay current with emerging technologies and best practices.
• Sense of Urgency: Understands criticality of tasks and responds quickly and decisively in high-impact situations.
• Planful: Thoughtfully sets, proactively manages, and predictably achieves commitments through strategy, process, communication, and delivery.
• Ownership: Accepts full responsibility for delivery outcomes and collaborates to address problems as they arise.
• Connected: Maintains orientation to how priorities connect to broader objectives and partner teams.
• Consistency: Drives adoption of logical, efficient, and sustainable processes and tools to achieve predictable results.
• Accuracy: Achieves business value within defined tolerances across measurable parameters (scope, schedule, cost).