Manual Ethical Hacker

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

• Understanding the requirements of the applications and how to use it
• Testing applications using a variety of tools to identify vulnerabilities that could expose the Bank to risk
• Monitoring existing and proposed security standard setting groups
• Conducting meetings to communicate the findings and implications and set realistic timescales for remediation
• Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
• Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created
• Sharing knowledge with technical and non-technical colleagues through training sessions
• Risk management

• Minimum of 4+ years of professional experience
• Expert level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; applications session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services
• Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, can use scripting/coding techniques, proficiently execute common penetration testing tools, triage and support incidents, and produce high-value findings
• One or more of the following certifications (desirable): CISSP, CJEH, OSCP or qualified work experience
• Technical expertise in conducting web application ethical hacking assessments.
• Ability to demonstrate manual web application testing experience i.e. must be able to simulate a SQL inject/Cross-site script attack without the use of tools
• Knowledge of network and Web related protocols/technologies (e.g. UNIX/LINUX, TCP/IP, Cookies)
• Experience with vulnerability assessment tools and penetration testing techniques
• Solid programming/debugging skills
• Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map
• Strong scripting skills desirable
• Ability to learn and apply critical thinking in a variety of situations
• Effective written and oral communication skills
• Ability to multi task and handle multiple projects