Manual Ethical Hacker

Manual Ethical HackerDenver, Colorado;Seattle, Washington; Addison, Texas; Richmond, Virginia; Jersey City, New Jersey; Boston, Massachusetts;

Charlotte, North Carolina; Washington, District of Columbia; Jacksonville, Florida; Chicago, IllinoisJob Description : At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection.

Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone.

We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference.

Join us!About Bank of America Global Technology : Global Technology delivers technology services globally across the bank’s eight lines of business that serve individuals, companies, and institutions.

The team also focuses on digital banking, payments, infrastructure, data management and technology that enhances cyber security, and risk and capital management.

Innovation is at the heart of all Global Technology does.Manual Ethical Hacking is part of the Application Development Security Framework Program within Cyber Security Assurance.

The program provides services to assess the vulnerability of the bank’s applications to malicious hacking activity.The role will be responsible for conducting application security assessments and penetration tests of the Bank’s internal and external web, mobile and web service applications using manual and automated tools in order to uncover and report security vulnerabilities that exist.

• Responsibilities include, but are not limited to : Understanding the requirements of the applications and how to use itTesting applications using a variety of tools to identify vulnerabilities that could expose the Bank to riskMonitoring existing and proposed security standard setting groupsConducting meetings to communicate the findings and implications and set realistic timescales for remediationProviding technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and productsActing as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being createdSharing knowledge with technical and non-technical colleagues through training sessionsRisk managementRequired Skills : Minimum of 4+ years of professional experienceExpert level experience and very detailed technical knowledge in at least 3 of the following areas : general information security;
• security engineering; application architecture; authentication and security protocols; applications session management; applied cryptography;

common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web servicesAble to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, can use scripting / coding techniques, proficiently execute common penetration testing tools, triage and support incidents, and produce high-value findingsOne or more of the following certifications (desirable) : CISSP, CJEH, OSCP or qualified work experienceTechnical expertise in conducting web application ethical hacking assessments.

Ability to demonstrate manual web application testing experience i.e. must be able to simulate a SQL inject / Cross-site script attack without the use of toolsKnowledge of network and Web related protocols / technologies (e.

g. UNIX / LINUX, TCP / IP, Cookies)Experience with vulnerability assessment tools and penetration testing techniquesSolid programming / debugging skillsExperience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL MapStrong scripting skills desirableAbility to learn and apply critical thinking in a variety of situationsEffective written and oral communication skillsAbility to multi task and handle multiple projectsEnterprise Role Overview : Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems.

Researches more advanced and complex attempts / efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team.

Typically has 5-10 years of relevant experience and will act as an individual contributor.Shift : 1st shift (United States of America)Hours Per Week : 40Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws.

The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.

To view the "EEO is the Law" poster, CLICK HERE () .To view the "EEO is the Law" Supplement, CLICK HERE () .Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse.

Our Drug-Free Workplace and Alcohol Policy ( Policy ) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.

To view Bank of America’s Drug-free workplace and alcohol policy, CLICK HERE .