girl looking into her desktop
Back to search results

Manual Ethical Hacking Specialist

Camberley, , United Kingdom

Job Description:

Job Title: Manual Ethical Hacking Specialist

Corporate Title: Vice President

Location: Camberley

The Cyber Security Assurance (CSA) department is responsible for providing an uncompromised technology and application environment for employees, customers, clients, and shareholders through continuous comprehensive cyber security testing. CSA consists of multiple assessment teams that focuses on different technology, platform, and stakeholders.

As a Manual Ethical Hacking Specialist, you will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.

You will be knowledgeable with business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerability specifics.

Overview of the Role:

Responsibilities include, but are not limited to:

  • Understanding the requirements of the applications and how to use them
  • Testing applications using a variety of tools to identify vulnerabilities that could expose the Bank to risk
  • Monitoring existing and proposed security standard setting groups
  • Conducting meetings to communicate the findings and implications to stakeholders
  • Performing vulnerability fix verification testing in support of the remediation
  • Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
  • Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created
  • Sharing knowledge with technical and non-technical colleagues directly and through training sessions
  • Ensuring identified Risks are managed effectively
  • Contributing to the development and enhancement of the control function

Qualifications:

BS/MS in Computer Science (or relevant work experience in a large scale IT environment)

Additionally Penetration testing specific qualifications would preferably include one or more from the following list;

  • CREST Registered Penetration Testers (CRT)
  • CREST Certified Web Application Tester (CCT-APP)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Exploitation Expert (OSEE)
  • Offensive Security Web Expert (OSWE)
  • SANS GIAC Penetration Tester (GPEN)
  • SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • SANS GIAC Web Application Penetration Tester (GWAPT)
  • Certified Ethical Hacker (CEH)

Core Skills:

  • Experience in conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Remote Code Execution, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, etc.)
  • Experience in conducting Threat Modeling
  • Knowledge of network and Web related protocols/technologies
  • Experience with web application vulnerability scanning tools (e.g. IBM AppScan, NetSparker, Burp Suite pro etc.)
  • Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
  • Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
  • Solid programming/debugging skills with proficiency in one or more of the following:
    • Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.
  • Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript)
  • Mobile programming abilities such as Xcode, Objective-C
  • Knowledge of a Structured Query Language
  • Expert-level experience and very detailed technical knowledge in at least 3 of the following areas:

general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services

Competencies:

•             The ability to work independently and as part of a team, in a very large scale, enterprise setting.

•             Previous experience as an application security professional with a large Financial Institution is a plus.

•             Intellectually Curious

•             Consistently thinks like a threat actor

•             Demonstrated ability to learn and apply critical thinking to a variety of situations

•             Ability to clearly communicate (written & verbal) business risk associated with a given vulnerability

•             Adaptable & Flexible approach to work

•             Ability to demonstrate manual web application testing experience

Bank of America:

Every day, across the globe, our employees bring a commitment to our purpose and to driving responsible growth by living our values: deliver together, act responsibly, realize the power of our people and trust the team. A key aspect of driving responsible growth is doing so in a sustainable manner, a critical pillar of which is being a great place to work for our teammates.

In line with these values, in EMEA we have 9 Employee Networks, a wide range of Sports & Social clubs, and other development and networking opportunities so that you can enjoy a range of experiences and connect with colleagues across the bank. We also offer exclusive discounts to some of the most iconic cultural experiences for you to enjoy in your spare time outside of work. Learn more about our benefits here.

Good conduct and sound judgment is crucial to our long term success. It’s important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mind-set are the cornerstones of our Code of Conduct and are at the heart of managing risk well.

We are an equal opportunities employer, and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnic or national origins, age, sexual orientation, socio-economic background, responsibilities for dependants, physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience.

We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements. As part of our standard hiring process to manage risk, please note background screening checks will be conducted on all hires before commencing employment.

Job Band:

H5

Shift: 

Hours Per Week:

35

Weekly Schedule:

Referral Bonus Amount:

0

Job Description:

Job Title: Manual Ethical Hacking Specialist

Corporate Title: Vice President

Location: Camberley

The Cyber Security Assurance (CSA) department is responsible for providing an uncompromised technology and application environment for employees, customers, clients, and shareholders through continuous comprehensive cyber security testing. CSA consists of multiple assessment teams that focuses on different technology, platform, and stakeholders.

As a Manual Ethical Hacking Specialist, you will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.

You will be knowledgeable with business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerability specifics.

Overview of the Role:

Responsibilities include, but are not limited to:

  • Understanding the requirements of the applications and how to use them
  • Testing applications using a variety of tools to identify vulnerabilities that could expose the Bank to risk
  • Monitoring existing and proposed security standard setting groups
  • Conducting meetings to communicate the findings and implications to stakeholders
  • Performing vulnerability fix verification testing in support of the remediation
  • Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
  • Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created
  • Sharing knowledge with technical and non-technical colleagues directly and through training sessions
  • Ensuring identified Risks are managed effectively
  • Contributing to the development and enhancement of the control function

Qualifications:

BS/MS in Computer Science (or relevant work experience in a large scale IT environment)

Additionally Penetration testing specific qualifications would preferably include one or more from the following list;

  • CREST Registered Penetration Testers (CRT)
  • CREST Certified Web Application Tester (CCT-APP)
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Exploitation Expert (OSEE)
  • Offensive Security Web Expert (OSWE)
  • SANS GIAC Penetration Tester (GPEN)
  • SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • SANS GIAC Web Application Penetration Tester (GWAPT)
  • Certified Ethical Hacker (CEH)

Core Skills:

  • Experience in conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Remote Code Execution, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, etc.)
  • Experience in conducting Threat Modeling
  • Knowledge of network and Web related protocols/technologies
  • Experience with web application vulnerability scanning tools (e.g. IBM AppScan, NetSparker, Burp Suite pro etc.)
  • Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
  • Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
  • Solid programming/debugging skills with proficiency in one or more of the following:
    • Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.
  • Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript)
  • Mobile programming abilities such as Xcode, Objective-C
  • Knowledge of a Structured Query Language
  • Expert-level experience and very detailed technical knowledge in at least 3 of the following areas:

general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services

Competencies:

•             The ability to work independently and as part of a team, in a very large scale, enterprise setting.

•             Previous experience as an application security professional with a large Financial Institution is a plus.

•             Intellectually Curious

•             Consistently thinks like a threat actor

•             Demonstrated ability to learn and apply critical thinking to a variety of situations

•             Ability to clearly communicate (written & verbal) business risk associated with a given vulnerability

•             Adaptable & Flexible approach to work

•             Ability to demonstrate manual web application testing experience

Bank of America:

Every day, across the globe, our employees bring a commitment to our purpose and to driving responsible growth by living our values: deliver together, act responsibly, realize the power of our people and trust the team. A key aspect of driving responsible growth is doing so in a sustainable manner, a critical pillar of which is being a great place to work for our teammates.

In line with these values, in EMEA we have 9 Employee Networks, a wide range of Sports & Social clubs, and other development and networking opportunities so that you can enjoy a range of experiences and connect with colleagues across the bank. We also offer exclusive discounts to some of the most iconic cultural experiences for you to enjoy in your spare time outside of work. Learn more about our benefits here.

Good conduct and sound judgment is crucial to our long term success. It’s important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mind-set are the cornerstones of our Code of Conduct and are at the heart of managing risk well.

We are an equal opportunities employer, and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnic or national origins, age, sexual orientation, socio-economic background, responsibilities for dependants, physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience.

We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements. As part of our standard hiring process to manage risk, please note background screening checks will be conducted on all hires before commencing employment.

Learn more about this role

Full time

JR-21043752

Band: H5

Manages People:

Manager:

Talent Acquisition Contact:

Craig Roche

Referral Bonus:

0

Street Address

Primary Location:
STANHOPE RD, Camberley, GU15 3BW