Ethical Hacking Analyst

Company: Bank of America
Location: Charlotte
Posted on: January 16, 2022

Job Description:

Job Description:The Ethical Hacking Analyst will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile, web service applications, and evaluations of assessments performed by vendor third parties, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist. You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities. The ability to work independently in a very large scale, enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution a plus. Required Skills:

BS/MS in Computer Science (or relevant work experience in a large scale IT environment)
Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc)
Knowledge of network and Web related protocols/technologies
Ability to demonstrate manual web application testing experience
Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Acunetix, NTO Spider, Burpsuite Pro etc.)
Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.
Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services
Demonstrated ability to learn and apply critical thinking to a variety of situations
One or more of the following certifications: CISSP, GWAPT, CEH, OSCP (or qualified work experience)
Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript
Experience as a developer
Mobile programming abilities such as Xcode, Objective-C
Knowledge of a Structured Query Language Enterprise Role Overview:Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team. Typically has 5-10 years of relevant experience and will act as an individual contributor.Job Band:H5Shift: -1st shift (United States of America)Hours Per Week:40Weekly Schedule:Referral Bonus Amount:0 --> Job Description:The Ethical Hacking Analyst will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile, web service applications, and evaluations of assessments performed by vendor third parties, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist. You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities. The ability to work independently in a very large scale, enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution a plus. Required Skills:
- BS/MS in Computer Science (or relevant work experience in a large scale IT environment)
- Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc)
- Knowledge of network and Web related protocols/technologies
- Ability to demonstrate manual web application testing experience
- Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Acunetix, NTO Spider, Burpsuite Pro etc.)
- Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
- Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
- Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.
- Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services
- Demonstrated ability to learn and apply critical thinking to a variety of situations
- One or more of the following certifications: CISSP, GWAPT, CEH, OSCP (or qualified work experience)
- Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript
- Experience as a developer
- Mobile programming abilities such as Xcode, Objective-C
- Knowledge of a Structured Query Language Enterprise Role Overview:Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team. Typically has 5-10 years of relevant experience and will act as an individual contributor.Job Band:H5Shift: -1st shift (United States of America)Hours Per Week:40Weekly Schedule:Referral Bonus Amount:0 Job Description: The Ethical Hacking Analyst will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile, web service applications, and evaluations of assessments performed by vendor third parties, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist. You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities. The ability to work independently in a very large scale, enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution a plus. Required Skills:
  - BS/MS in Computer Science (or relevant work experience in a large scale IT environment)
  - Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc)
  - Knowledge of network and Web related protocols/technologies
  - Ability to demonstrate manual web application testing experience
  - Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Acunetix, NTO Spider, Burpsuite Pro etc.)
  - Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
  - Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
  - Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.
  - Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services
  - Demonstrated ability to learn and apply critical thinking to a variety of situations
  - One or more of the following certifications: CISSP, GWAPT, CEH, OSCP (or qualified work experience)
  - Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript
  - Experience as a developer
  - Mobile programming abilities such as Xcode, Objective-C
  - Knowledge of a Structured Query Language Enterprise Role Overview:Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team. Typically has 5-10 years of relevant experience and will act as an individual contributor. Shift:1st shift (United States of America) Hours Per Week: -40

Keywords: Bank of America, Charlotte , Ethical Hacking Analyst, Professions , Charlotte, North Carolina

Click here to apply!

Didn't find what you're looking for? Search again!

Let Charlotte recruiters find you. Post your resume for free!

Get Charlotte Professions jobs via email.

View more Charlotte Professions jobs

Other Professions Jobs

Local Class A CDL Drivers
Description: NEW Incredible rate changes on CPM and Loaded and Unloaded rates Call for more details Job Description: Local Class A CDL Drivers 1,000 Sign On Bonus Premier Transportation considers our drivers to (more...)
Company: Premier Transportation
Location: Kannapolis
Posted on: 01/24/2022

Inventory Clerk
Description: ARE YOU LOOKING FOR YOUR NEXT CAREER OPPORTUNITY CONTACT PEOPLEREADY TODAY br br PeopleReady has immediate openings for Inventory Clerks. An Inventory Clerk is responsible for managing
Company: PeopleReady
Location: Spartanburg
Posted on: 01/24/2022

Owner Operator Truck Driver - $10,000 SIGN-ON BONUS!
Description: Owner Operator Wanted - Great Pay and 10,000 Sign-On Bonus br XPO is now contracting with quality independent owner-operators for drayage service at key rail ramps and ports throughout the United (more...)
Company: XPO Logistics
Location: Kannapolis
Posted on: 01/24/2022

Salary in Charlotte, North Carolina Area | More details for Charlotte, North Carolina Jobs |Salary

CDL A Local Truck Driver, Dry Van
Description: br br This position is for local residents only. br CDL-A Local Truck Driver br Take your truck driving career to a better place and jumpstart your road to success with Red Classic Red Classic (more...)
Company: Red Classic
Location: Kannapolis
Posted on: 01/24/2022

Owner Operator - Earn 72% of the Revenue
Description: Call Today 866 990-5053 br br Owner Operator Truck Driving Job Earn 72 of the Revenue Receive 100 of Fuel Surcharge Earn Weekly Gross 5000 1000 Sign on Bonus br Join Paul Transportation (more...)
Company: Paul Transportation
Location: Kannapolis
Posted on: 01/24/2022

CDL A Local Truck Driver, Dry Van
Description: br br This position is for local residents only. br CDL-A Local Truck Driver br Take your truck driving career to a better place and jumpstart your road to success with Red Classic Red Classic (more...)
Company: Red Classic
Location: Spartanburg
Posted on: 01/24/2022

Transport Driver
Description: Position Summary: Reporting directly to the Dispatch Manager, the Transport Driver is responsible for the safe and efficient delivery of propane to wholesale and retail customer locations. Major Activities: (more...)
Company: Superior Plus Energy Services
Location: Spartanburg
Posted on: 01/24/2022

Regional CDL-A Driver - 2 yrs EXP Req'd - Great Benefits
Description: CDL-A DriverTHE J.L. ROTHROCK DRIVER COMMITEMENT SETS US APARTJ.L. Rothrock believes that a driver s commitment to our company begins with and is reflected in our commitment to them. Get great pay without (more...)
Company: JL Rothrock Trucking
Location: Spartanburg
Posted on: 01/24/2022

Southeast Regional - HOME WEEKLY
Description: br br br Southeast Regional - HOME WEEKLY br br ul li .54 cpm 30 stop pay with a 1,200 GUARANTEED
Company: H & M Trucking Inc
Location: Kannapolis
Posted on: 01/24/2022

Maintenance Technician Lead
Description: Job Overview The Spartanburg operation is a state-of-the-art coffee roasting and pod packaging facility in addition to hosting a full beverage distribution center. Spartanburg is the largest KDRP manufacturing (more...)
Company: Keurig Dr Pepper
Location: Spartanburg
Posted on: 01/24/2022

Loading more jobs...

Ethical Hacking Analyst

Didn't find what you're looking for? Search again!

Other Professions Jobs

Log In or Create An Account