About Bank of America:
Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 35 countries. In the U.S. alone, we serve almost all of the Fortune 500 companies and approximately 67 million consumer and small-business clients. We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.
Connecting Asia Pacific to the World
Our Asia Pacific team is spread across 19 cities in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities. Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region’s leading financial services companies.
Background: The Cyber Security Assurance (CSA) department is responsible for providing an uncompromised technology and application environment for employees, customers, clients, and shareholders through continuous comprehensive cyber security testing. CSA department consists of multiple assessment teams that focuses on different technology, platform, and stakeholders.
As a Manual Ethical Hacker, you will be part of a dynamic team of world class security experts across Asia, Europe and US. You will be conducting application security assessments / penetration tests on various applications across different platforms and channels.
- Conducting application security assessments / penetration tests of internal / external web, mobile, & web service applications
- Identifying and reporting application security vulnerabilities leveraging both manual techniques as well as automated tools
- Being knowledgeable with business risks associated to common security vulnerabilities and be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities
- Performing vulnerability fix verification testing in support of the remediation
- Providing application security SME support for regional stakeholders, technology team, and third parties
- BS/MS in Computer Science (or relevant work experience in a large scale IT environment)
- Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to discover flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc.)
- Knowledge of network and Web related protocols/technologies
- Ability to demonstrate manual web application testing
- Experience with usage of web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Acunetix, NTO Spider, Burpsuite Pro etc.)
- Experience with usage of vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
- Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
- Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services
- Demonstrated ability to learn and apply critical thinking to a variety of situations
- One or more of the following certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)
- Experience as a developer
- Mobile programming abilities such as Xcode, Objective-C
- Knowledge of Structured Query Language
Learn more about this role