Bank of America Ethical Hacking Analyst in Denver, Colorado
Ethical Hacking Analyst
Addison, Texas; Denver, Colorado
The Ethical Hacking Analyst will join a dynamic team of world-class security experts to conduct application security assessments and penetration testing of our internal/external web applications, leveraging both manual techniques and automated tools to identify and report security vulnerabilities that may exist.
The successful candidate will be knowledgeable about the business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to a broad audience, ranging from application developers to business managers with limited experience in application security.
• BS/MS in Computer Science (or equivalent work experience)
• Persistent sense of technical curiosity about how applications work and a demonstrated ability to think through process bypasses
• Experience conducting vulnerability assessments, secure code reviews and penetration testing against web application technologies
• Knowledge of web and network related protocols/technologies
• Ability to demonstrate manual web application testing experience
• Desire to learn and an aptitude for executing critical thinking in a variety of situations
• Excellent organizational skills
• Ability to communicate efficiently and simplify complex IT scenarios
• Ability to work independently in a large scale enterprise environment
• Professional experience working in an application security role within a large financial institution
• Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro, etc.)
• Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, etc.)
• Experience in the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; single sign-on technologies; exploit automation platforms
• One or more of the following certifications: CISSP, GWAPT, GPEN, CEH, OSCP
1st shift (United States of America)
Hours Per Week:
Manages People: No
Talent Acquisition Contact:
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "EEO is the Law" poster, see https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf
To view the "EEO is the Law" Supplement, see https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCPEEOSupplementFinalJRFQA508c.pdf
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.