Bank of America Information Security Ethical Hacker in Addison, Texas
Global Information Security’s Operation Control Testing (OCT) will improve Bank of America's security posture by employing advanced assessment techniques to identify control weaknesses across the Enterprise. The Operation Control Testing (OCT) will conduct active control assessments to reduce audit findings, establish non-biased, automated QA testing, and perform security control exploitation tests. The assessment methodology will ensure FFIEC regulatory requirements for independently testing key security controls are met.
Mastery of Operating Systems - Wintel & Linux
Knowledge of Networking & Network Protocols -TCP/IP, HTTP, HTTPS
Knowledge of Pen Testing tools for Domain Name Service (DNS) – Nslookup, Dig, DNS Harvesting, Fierce Domain Scanner, DNSRecon
Knowledge of Known Vulnerabilities - Heartbleed, Shellshock, Poodle, SQL Injection, Blind SQL Injection
Knowledge of Industry Standard Security Control Tools - FireEye, Symantec Data Loss Prevention (Vontu), Proof Point, Guardium, Bluecoat, ARBOR, WAF
Self Motivated & Ability to think Outside the Box (imaginative, Creative, Innovative,
Strong Communication skills with ability to present technical findings at high level to non-technical senior leaders
Strong Presentation & Documentation skills
Cross Site Scripting
Cross Site Request Forgery
Tools. (One or more of the following required)
Burp Suite Pro
Familiarity with both Microsoft and Unix/Linux platforms
Certifications (One or more of the following preferred): CISSP, CISA, CEH, GPEN, OSCP, SANS Security Background
Highly Skilled at Networking Typology
Highly Skilled at Ethical Hacking
Strong Security Control Understanding
Highly Skilled Unix, Linux, and Windows
Highly Skilled in Database and Code Review
Risk Management Understanding
Strong Technical Writer
Outside the Box Thinker
Emerging Threats and Zero-Day Exploits
Enterprise Role Overview
Key individual contributor, with accountability for researching, designing, engineering, implementing, and supporting information security & directory technology systems (software & hardware). Utilizes in-depth technical knowledge and business requirements to design & implement secure solutions to meet customer / client needs while protecting the Bank's assets. Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse environment (e.g. client server, distributed, mainframe, etc.). Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.
Posting Date : 08/07/2017
Location : US-CA-Simi Valley, US-IL-Chicago, US-NC-Charlotte, US-TX-Addison
Travel : Yes, 5% of the time
Full / Part-time : Full time
Hours Per Week : 40
Shift : 1st shift
Assistance for Applicants with Disabilities
Bank of America is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please visit the Applicants with Disabilities page at http://careers.bankofamerica.com/us/applicants-with-disabilities .
Diversity & Inclusion
At Bank of America, our commitment to diversity and inclusion is helping us to create not only a great place to work, but also an environment where our employees, our customers and our communities around the world can reach their goals and connect with each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Frequently Asked Questions
Need to know how to apply online, view a list of your submitted job applications or reset your password? Visit our FAQ at http://careers.bankofamerica.com/us/faq section for answers to these questions and more.