Cloud & Mobile Malware Control Owner Chicago, Illinois;Washington, District of Columbia; Denver, Colorado **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (https://ghr.wd1.myworkdayjobs.com/Lateral-US/job/Chicago/Cloud---Mobile-Malware-Control-Owner\_25043047-2) **Job Description:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! **Job Description:** This job is responsible for leading evaluations of cyber security threats and enhancing defensive capabilities to reduce the bank's risk of exposure. Key responsibilities include conducting analyses of the threat environment and threats to the bank, including post incident analysis, applying a multi-faceted situational awareness of cyber security process to protect against threats, and implementing proactive defensive actions for the security, continuity, and confidentiality of information. **Seeking a highly skilled and motivated cybersecurity professional to serve as the Cloud & Mobile Malware Control Owner within the Global Malware Defense team. This role is critical to advancing the enterprise’s malware prevention and detection capabilities across cloud and mobile platforms. As the Cloud & Mobile Malware Control Owner, you will lead efforts to assess, enhance, and govern malware controls specific to cloud services (AWS, Azure, GCP) and mobile technologies, ensuring alignment with enterprise security standards and threat management strategies.** **Key Responsibilities** • Control Ownership & Governance: • Own and manage malware controls related to cloud and mobile platforms. Ensure controls are effective, measurable, and aligned with enterprise risk tolerance. • Threat Management & Response: • Collaborate with incident response teams to triage and respond to malware threats targeting cloud and mobile environments. Support post-incident reviews and drive improvements. • Technology Risk Oversight: • Identify and assess risks associated with cloud and mobile malware threats. Partner with risk and oversight teams to implement mitigation strategies. • Operational Integration: • Work across operational teams to integrate malware controls into existing workflows and technologies. Ensure seamless execution and reporting of control effectiveness. • Metrics & Reporting: • Develop and maintain operational metrics and dashboards to track control performance. Provide regular updates to leadership and stakeholders. • Collaboration & Communication: • Engage with cross-functional teams including GIS, cloud engineering, mobile development, and enterprise risk. Communicate technical findings and strategic recommendations clearly to both technical and non-technical audiences. • Continuous Improvement: • Stay current with emerging malware tactics targeting cloud and mobile platforms. Lead initiatives to enhance detection, prevention, and response capabilities. Minimum 5 Years of Experience **Required Qualifications** • 5+ years of experience in malware analysis and incident response, with a focus on cloud and/or mobile platforms. • Strong understanding of cloud service provider security models (AWS, Azure, GCP). • Experience with mobile malware analysis (Android/iOS), including static and dynamic techniques. • Familiarity with cloud-native security tools and mobile threat defense platforms. • Ability to assess malware threats and extract Indicators of Compromise (IoCs). • Strong documentation and reporting skills. • Experience working in large enterprise environments with cross-functional teams. **Desired Qualifications** • Experience with sandbox technologies and virtualized analysis environments. • Knowledge of mobile app reverse engineering tools (e.g., JADX, Frida, MobSF). • Familiarity with cloud logging and monitoring tools (e.g., CloudTrail, Azure Monitor). • Experience with SIEM platforms and event correlation. • Knowledge of forensic artifacts in cloud and mobile environments. • Experience with mobile security products like Lookout, CrowdStrike Mobile • Experience with Microsoft Defender, Microsoft Sentinel, AWS Guard Duty, Google Cloud Security Center) Certifications (Desired but not Required) • CCSP, CCSK, GPCS, GMOB, GCIH, GREM, GCFA, GCFE, CISSP, or equivalent certifications. **Skills:** + Cyber Security + Data Privacy and Protection + Problem Solving + Process Management + Threat Analysis + Access and Identity Management + Business Acumen + Interpret Relevant Laws, Rules, and Regulations + Risk Analytics + Stakeholder Management + Data Governance + Data and Trend Analysis + Incident Management + Information Systems Management + Technology System Assessment **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. To view the "Know your Rights" poster, CLICK HERE (https://www.eeoc.gov/sites/default/files/2023-06/22-088\_EEOC\_KnowYourRights6.12.pdf) . View the LA County Fair Chance Ordinance (https://dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf) . Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank’s required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.