Bank of America Ethical Hacking Analyst ( Manual Penetration Tester) in Denver, Colorado
Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our team.
The Cyber Security Defense (CSD) function within Global Information Security is responsible for all aspects of threat intelligence and monitoring, application and network security, and insider threat. In addition, the CSD team drives out the enterprise-wide cyber exercise program.
The Ethical Hacking Analyst will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.
You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities.
The ability to work independently in a very large scale, enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution a plus.
• BS/MS in Computer Science (or relevant work experience in a large scale IT environment) Expert in performing Application Security, Penetration Tester (Web, Mobile, WebServices) with deep understanding of risks associated with application security vulnerabilities.
• SME Level knowledge in the use of Application Security Scan Tools (ie BURP, AppScan, WebInspect, SOAP UI or etc)
• Certifications (OSCP, OSCE a plus)
• Uncommon, Niche skillset
• Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc)
• Knowledge of network and Web related protocols/technologies
• Ability to demonstrate manual web application testing experience
• Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Accuntix, NTO Spider, Burpsuite Pro etc.)
• Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
• Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
• Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services
• Demonstrated ability to learn and apply critical thinking to a variety of situations
• One or more of the following certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)
• Experience as a developer
• Mobile programming abilities such as Xcode, Objective-C
• Knowledge of a Structured Query Language
Posting Date : 11/14/2018
Denver, CO, Union Station, 1801 16th St,
Washington, DC, 1800 K St NW (DC1842),
Chicago, IL, 135 S LA SALLE ST (IL4135),
Charlotte, NC, 13510 BALLANTYNE CORPORATE PL (NC2109),
Addison, TX, 16001 N Dallas Pkwy (TX8044),
- United States
Travel : Yes, 5% of the time
Full / Part-time : Full time
Hours Per Week : 40
Shift : 1st shift
Assistance for Applicants with Disabilities
Bank of America is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please visit the Applicants with Disabilities page at http://careers.bankofamerica.com/us/applicants-with-disabilities .
Diversity & Inclusion
At Bank of America, our commitment to diversity and inclusion is helping us to create not only a great place to work, but also an environment where our employees, our customers and our communities around the world can reach their goals and connect with each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Frequently Asked Questions
Need to know how to apply online, view a list of your submitted job applications or reset your password? Visit our FAQ at http://careers.bankofamerica.com/us/faq section for answers to these questions and more.