Sorry, this job is no longer accepting applications. See below for more jobs that match what you’re looking for!

Cybersecurity Ethical Hacking Analyst

Expired Job

Bank Of America Corporation Chicago , IL 60602

Posted 5 months ago

Job Description:

Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our team.

The Cyber Security Defense (CSD) function within Global Information Security is responsible for all aspects of threat intelligence and monitoring, application and network security, and insider threat. In addition, the CSD team drives out the enterprise-wide cyber exercise program.

The Ethical Hacking Analyst will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.

You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities.

The ability to work independently in a very large scale, enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution a plus.

Required Skills:

  • Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc)

  • Knowledge of network and Web related protocols/technologies

  • Ability to demonstrate manual web application testing experience

  • Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Accuntix, NTO Spider, Burpsuite Pro etc.)

  • Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)

  • Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.

  • Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.

  • Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services

  • Demonstrated ability to learn and apply critical thinking to a variety of situations

  • One or more of the following certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)

  • Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript

  • Experience as a developer

  • Mobile programming abilities such as Xcode, Objective-C

  • Knowledge of a Structured Query Language

Specific Skillsets Desired:

  • Expert in performing Application Security, Penetration Tester (Web, Mobile, WebServices) with deep understanding of risks associated with application security vulnerabilities.
  • SME Level knowledge in the use of Application Security Scan Tools (ie BURP, AppScan, WebInspect, SOAP UI or etc)
  • Certifications (OSCP, OSCE a plus)

BS/MS in Computer Science (or relevant work experience in a large scale IT environment)

Posting Date: 08/30/2018

Location: Denver, CO, Union Station, 1801 16th St, Chicago, IL, 135 S LA SALLE ST (IL4135), - United States

Travel: Yes, 5% of the time

Full / Part-time: Full time

Hours Per Week: 40

Shift: 1st shift


upload resume icon
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Ethical Hacker (Manual Penetration Testing)

Proenlist

Posted Yesterday

VIEW JOBS 1/17/2019 12:00:00 AM 2019-04-17T00:00 <span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;"><strong>Position Overview: </strong></span></span> <ul> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">The Cyber Security Defense (CSD) function within Global Information Security is responsible for all aspects of threat intelligence and monitoring, application and network security, and insider threat. In addition, the CSD team drives out the enterprise-wide cyber exercise program.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">The Ethical Hacking Analyst will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">The ability to work independently in a very large scale, enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution a plus.</span></span></li> </ul> <br /> <span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;"><b>Required Skills:</b></span></span> <ul> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Expert in performing Application Security, Penetration Tester (Web, Mobile, WebServices) with deep understanding of risks associated with application security vulnerabilities.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">SME Level knowledge in the use of Application Security Scan Tools (ie BURP, AppScan, WebInspect, SOAP UI or etc)</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Certifications (OSCP, OSCE a plus)</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Uncommon, Niche skillset</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc)</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Knowledge of network and Web related protocols/technologies</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Ability to demonstrate manual web application testing experience</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Accuntix, NTO Spider, Burpsuite Pro etc.)</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Demonstrated ability to learn and apply critical thinking to a variety of situations</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">One or more of the following certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Experience as a developer</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Mobile programming abilities such as Xcode, Objective-C</span></span></li> <li style="padding: 0; margin: 0;"><span style="font-size:12px;"><span style="font-family:tahoma,geneva,sans-serif;">Knowledge of a Structured Query Language</span></span></li> </ul> Proenlist Chicago IL

Cybersecurity Ethical Hacking Analyst

Expired Job

Bank Of America Corporation