USNLX Ability Jobs

USNLX Ability Careers

Job Information

Bank of America Ethical Hacking Analyst in Atlanta, Georgia

Ethical Hacking Analyst

Addison, Texas;Seattle, Washington; Atlanta, Georgia; Denver, Colorado; Jersey City, New Jersey; Charlotte, North Carolina; Washington, District of Columbia; San Antonio, Texas; Jacksonville, Florida

Job Description:

The Ethical Hacking Analyst will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.

You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities.

The ability to work independently in a very large scale, enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution a plus.

Required Skills:

  • BS/MS in Computer Science (or relevant work experience in a large scale IT environment)

  • Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc)

  • Knowledge of network and Web related protocols/technologies

  • Ability to demonstrate manual web application testing experience

  • Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Acunetix, NTO Spider, Burpsuite Pro etc.)

  • Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)

  • Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.

  • Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.

  • Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services

  • Demonstrated ability to learn and apply critical thinking to a variety of situations

  • One or more of the following certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)

  • Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript

  • Experience as a developer

  • Mobile programming abilities such as Xcode, Objective-C

  • Knowledge of a Structured Query Language

Enterprise Role Overview:

Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team. Typically has 5-10 years of relevant experience and will act as an individual contributor.

Job Band:

H5

Shift:

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Job Description:

The Ethical Hacking Analyst will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.

You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities.

The ability to work independently in a very large scale, enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution a plus.

Required Skills:

  • BS/MS in Computer Science (or relevant work experience in a large scale IT environment)

  • Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc)

  • Knowledge of network and Web related protocols/technologies

  • Ability to demonstrate manual web application testing experience

  • Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Acunetix, NTO Spider, Burpsuite Pro etc.)

  • Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)

  • Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.

  • Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.

  • Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services

  • Demonstrated ability to learn and apply critical thinking to a variety of situations

  • One or more of the following certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)

  • Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript

  • Experience as a developer

  • Mobile programming abilities such as Xcode, Objective-C

  • Knowledge of a Structured Query Language

Enterprise Role Overview:

Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team. Typically has 5-10 years of relevant experience and will act as an individual contributor.

Shift:

1st shift (United States of America)

Hours Per Week:

40

Learn more about this role

Full time

JR-22041199

Band: H5

Manages People: No

Travel: Yes, 5% of the time

Manager:

Talent Acquisition Contact:

Michael Geddie

Referral Bonus:

0

Colorado pay and benefits information

Colorado pay range:

$86,500 - $135,000 annualized salary, offers to be determined based on experience, education and skill set.

Discretionary incentive eligible

This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.

Benefits

This role is currently benefits eligible . We provide industry-leading benefits, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.

Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.

To view the "EEO is the Law" poster, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) .

To view the "EEO is the Law" Supplement, CLICK HERE (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .

Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.

To view Bank of America’s Drug-free workplace and alcohol policy, CLICK HERE .

DirectEmployers