TR078 - Security Engineer III

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities, and shareholders every day.

One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.

 Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.

Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Global Business Services

Global Business Services delivers Technology and Operations capabilities to Lines of Business and Staff Support Functions of Bank of America through a centrally managed, globally integrated delivery model and globally resilient operations.

Global Business Services is recognized for flawless execution, sound risk management, operational resiliency, operational excellence, and innovation.

In India, we are present in five locations and operate as BA Continuum India Private Limited (BACI), a non-banking subsidiary of Bank of America Corporation and the operating company for India operations of Global Business Services.

Process Overview

Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates global security operations center that monitor, detects and responds to cybersecurity incidents. Within GIS, the Cloud Security organization is responsible for leading a team of deeply technical cyber security engineers and architects to design and implement best in class cyber security capabilities for internal and external cloud instances in partnership with infrastructure and application technology teams. In addition, lead efforts across other Global Information Security functions to enable cyber security technology and operations in cloud environments.

Job Description

This role is for GIS Penetration testing team to conduct penetration tests and source code reviews of our internal/external web, mobile, web, and web API service applications, leveraging both manual techniques as well as automated tools to uncover and report security vulnerabilities that exist.

You must be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate complex technical concepts such as security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security.

You must have the ability to work independently in a very large scale, enterprise setting and collaborate with peer team members. Previous experience as an application security professional with a large Financial Institution a plus.

Requirements

Education: B.E. / B. Tech/M.E. /M. Tech

Certifications, If Any: GWAPT, CEH, OSCP, SANS, CEH

Experience Range: 10+ years

Foundational Skills:

• Strong hands-on experience in conducting comprehensive manual penetration tests and source code reviews against web, API, mobile applications, services, platforms, systems, and networks to identify security vulnerabilities.
• Solid experience in using various security tools such as Invicti, SoapUI, Burp Suite Pro, Checkmarx, Kali Linux, Metasploit, etc.
• Very Good Communication & Interpersonal skills.
• Knowledge of network and Web related protocols/technologies.
• Experience with latest penetration testing techniques (e.g., web application proxies, packet capture analysis software, browser extensions, advanced penetration testing tools (full stack), Linux distributions, Windows OS, etc.).
• Experience of penetration testing on mobile platforms such as iOS, Android, and mobile device simulators.
• Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Python, Perl, Shell script, Objective-C, and SOAP/REST web APIs.
• Expert-level experience and knowledge in the following areas:
  • Authentication and security protocols.
  • Application session management.
  • Applied cryptography.
  • Common communication protocols.
  • Mobile frameworks.
  • Single sign-on technologies.
  • Development frameworks (Angular, React, etc.).
  • Exploit automation platforms.
• Knowledge of a Structured Query Language.
• Developer experience or coding background (nice-to-have).

Desired Skills:

• Experience of penetration testing and source code reviews on web, API and mobile platforms.
• Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C, and SOAP/REST web APIs.

Work Timings:  11:00 AM to 8:00 PM

Job Location: Hyderabad, Mumbai, Chennai