Back to search results

Manual Ethical Hacker

Addison, Texas;

Job Description:

Manual Ethical Hacking is part of the Application Development Security Framework Program within Cyber Security Defense. The program provides services to assess the vulnerability of the bank’s applications to malicious hacking activity.

The role will be responsible for conducting application security assessments and penetration tests of the Bank’s internal and external web, mobile and web service applications using manual and automated tools in order to uncover and report security vulnerabilities that exist.

Responsibilities include, but are not limited to:
•Understanding the requirements of the applications and how to use it
• Testing applications using a variety of tools to identify vulnerabilities that could expose the Bank to risk
• Monitoring existing and proposed security standard setting groups
• Conducting meetings to communicate the findings and implications and set realistic timescales for remediation
• Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
• Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created
• Sharing knowledge with technical and non-technical colleagues through training sessions
• Risk management

Required Skills:
Expert level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; applications session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services
• One or more of the following certifications (desirable): CISSP, CJEH, OSCP or qualified work experience
• Technical expertise in conducting web application ethical hacking assessments.
• Ability to demonstrate manual web application testing experience i.e. must be able to simulate a SQL inject/Cross-site script attack without the use of tools
• Knowledge of network and Web related protocols/technologies (e.g. UNIX/LINUX, TCP/IP, Cookies)
• Experience with vulnerability assessment tools and penetration testing techniques
• Solid programming/debugging skills
• Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map
• Strong scripting skills desirable
• Ability to learn and apply critical thinking in a variety of situations
• Effective written and oral communication skills
• Ability to multi task and handle multiple projects

Job Band:

H5

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Job Description:

Manual Ethical Hacking is part of the Application Development Security Framework Program within Cyber Security Defense. The program provides services to assess the vulnerability of the bank’s applications to malicious hacking activity.

The role will be responsible for conducting application security assessments and penetration tests of the Bank’s internal and external web, mobile and web service applications using manual and automated tools in order to uncover and report security vulnerabilities that exist.

Responsibilities include, but are not limited to:
•Understanding the requirements of the applications and how to use it
• Testing applications using a variety of tools to identify vulnerabilities that could expose the Bank to risk
• Monitoring existing and proposed security standard setting groups
• Conducting meetings to communicate the findings and implications and set realistic timescales for remediation
• Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
• Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created
• Sharing knowledge with technical and non-technical colleagues through training sessions
• Risk management

Required Skills:
Expert level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; applications session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services
• One or more of the following certifications (desirable): CISSP, CJEH, OSCP or qualified work experience
• Technical expertise in conducting web application ethical hacking assessments.
• Ability to demonstrate manual web application testing experience i.e. must be able to simulate a SQL inject/Cross-site script attack without the use of tools
• Knowledge of network and Web related protocols/technologies (e.g. UNIX/LINUX, TCP/IP, Cookies)
• Experience with vulnerability assessment tools and penetration testing techniques
• Solid programming/debugging skills
• Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map
• Strong scripting skills desirable
• Ability to learn and apply critical thinking in a variety of situations
• Effective written and oral communication skills
• Ability to multi task and handle multiple projects

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Learn more about this role

Full time

JR-21075870

Band: H5

Manages People: No

Travel: Yes, 5% of the time

Manager:

Talent Acquisition Contact:

Nicolas Skaric

Referral Bonus:

0

Colorado job seekers

In accordance with Colorado law:

if you have questions about compensation and general benefits information for this job posting, please email equalpayinformation@bofa.com. This is a dedicated mailbox designed to exclusively support job seekers requesting information under the Colorado law. Only inquiries for this purpose will receive a reply. For all other inquiries, please review our Frequently Asked Questions.