Job Information
Bank of America Cloud Security Vulnerability Management Program Specialist in Washington, District Of Columbia
Cloud Security Vulnerability Management Program Specialist
Denver, Colorado;Washington, District of Columbia; Chicago, Illinois
To proceed with your application, you must be at least 18 years of age.
Acknowledge (https://ghr.wd1.myworkdayjobs.com/Lateral-US/job/Denver/Cloud-Security-Vulnerability-Management-Program-Specialist_26014448)
Bank of America employees are required to meet all posting eligibility requirements prior to applying for any new position.
Acknowledge (https://ghr.wd1.myworkdayjobs.com/Lateral-US/job/Denver/Cloud-Security-Vulnerability-Management-Program-Specialist_26014448)
Refer a friend
To proceed with your application, you must be at least 18 years of age.
Acknowledge (https://ghr.wd1.myworkdayjobs.com/Lateral-US/job/Denver/Cloud-Security-Vulnerability-Management-Program-Specialist_26014448)
Bank of America employees are required to meet all posting eligibility requirements prior to applying for any new position.
Acknowledge (https://ghr.wd1.myworkdayjobs.com/Lateral-US/job/Denver/Cloud-Security-Vulnerability-Management-Program-Specialist_26014448)
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
Job Summary:
We are seeking a skilled and motivated Cloud Security Vulnerability Management Program Specialist to support the Cloud Security Assurance (CSA) organization by ensuring enterprise cloud workloads are securely configured, continuously monitored, and protected throughout their runtime lifecycle. This role is focused on identifying workload-level vulnerabilities, insecure configurations, and runtime behaviors that could expose systems to compromise, service disruption, or unauthorized access across hybrid and multi-cloud environments.
The Cloud Security Vulnerability Management Program Specialist is responsible for maintaining visibility into workload security posture across virtual machines, containers, and supporting compute services. This includes vulnerability assessment, configuration validation, and runtime monitoring to detect drift from defined security baselines and identify suspicious or policy-violating activity. The role requires strong understanding of cloud workload architectures, operating system security fundamentals, and shared responsibility models to accurately assess risk and prioritize remediation.
This role partners closely with infrastructure, platform, engineering, and operations teams to ensure vulnerability findings are actionable, risk-assessed, and remediated appropriately. The Cloud Security Vulnerability Management Program Specialist plays a critical role in strengthening workload security maturity by operationalizing Cloud Security tooling, supporting audit and regulatory requirements, and providing leadership with transparent, risk-based reporting on workload security posture.
The Cloud Security Vulnerability Management Program Specialist operates in fast-paced, enterprise-scale environments and contributes to the development and maintenance of workload security standards, baselines, and documentation that support consistent governance and assurance across all in-scope compute platforms.
Job Responsibilities
Ensure cloud workloads are protected and monitored in alignment with CSA security standards and defined baselines.
Maintain continuous visibility into workload security posture across virtual machines, containers, and compute platforms.
Identify workload vulnerabilities, misconfigurations, and insecure operating system or platform settings.
Monitor runtime activity to detect suspicious behavior, privilege escalation, policy violations, and drift from security baselines.
Build, maintain, and tune vulnerability detections aligned to vulnerability management and runtime protection requirements.
Support onboarding and operationalization of cloud security tooling across environments and workload types.
Partner with infrastructure, DevOps, and platform teams to drive remediation of workload security risks.
Triage vulnerability findings, assess risk and impact, and support prioritization of remediation efforts.
Provide workload security posture reporting, metrics, and risk transparency to CSA leadership.
Contribute to workload security standards, baseline documentation, and audit readiness activities.
Required Skills
Understanding of Cloud Native security concepts and runtime security principles.
Experience identifying and managing workload vulnerabilities and insecure configurations.
Knowledge of cloud compute services, operating systems, and containerized workloads.
Familiarity with vulnerability management and runtime detection techniques.
Strong analytical, documentation, and collaboration skills.
Desired Qualifications
Experience supporting cloud or workload security assurance programs.
Hands-on experience with Cloud Security Vulnerability Management tools (e.g., Aqua, Prisma Cloud, Wiz, Defender).
Familiarity with Linux security fundamentals.
Experience supporting audit or compliance-driven security reviews.
Bachelor’s degree in a technical or security-related field.
Relevant cloud or security certifications preferred.
This job will be open and accepting applications for a minimum of seven days from the date it was posted
Shift:
1st shift (United States of America)
Hours Per Week:
40
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
View your "Know your Rights (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12.pdf) " poster.
View the LA County Fair Chance Ordinance (https://dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf) .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank’s required accommodation request process before your first day of work.
This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.