SVP; Senior Offensive Security Professional

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Responsibilities

• Monitor metrics, ensure process adherence, review and revise process standards, engage with stakeholders, handle process level escalations & automation of tasks.
• Create and maintain multiple tools which support the execution of the function and collectively save the organization thousands of person hours per year.
• Coordinate with senior leadership on development projects.
• Assist the application stakeholders understand the vulnerabilities identified and articulate the risk in salient business terms.
• Partner with information security and technology senior leadership on application security risk management initiatives.
• Apply knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
• Ensure cybersecurity protection is integrated at all layers of defense.
• Participate in alert responses and problem-solving workgroups across multiple functions with a focus on the enterprise risk framework.
• Remote work may be permitted within a commutable distance from the worksite.

• Bachelor's degree or equivalent in Applied Computer Science, CIS, MIS, Engineering (any), or related: and
• 5 years of progressively responsible experience in the job offered or a related IT occupation.
• Must include 5 years of experience in each of the following:
• Manually identifying and reproducing findings, discussing remediation concepts, developing PoCs for vulnerabilities, using scripting/coding techniques, proficiently executing common penetration testing tools, triage, and support incidents, and producing high value findings;
• Performing manual web application assessments including simulating a OWASP Top 10 vulnerabilities without the use of tools;
• Assessing & analyzing source codes for web and mobile applications for identifying vulnerabilities using Java, .Net, Python, Android, Objective C, Swift, etc;
• Utilizing vulnerability assessment tools including Checkmarx, Burp, Invicti, SOAP UI, and penetration testing techniques for exploring, corelating & crafting successful exploits as part of the correlational effort pertaining to source code and manual ethical hacking vulnerability assessments; and,
• Using solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction towards identifying security vulnerabilities in web and mobile applications and corelate in manual ethical hacking vulnerability assessment.