Company Overview
Bank of America is a major global financial institution offering a wide array of banking, investment, asset management, and risk management services to individuals, small businesses, and large corporations. We serve approximately 56 million U.S. consumer and small business clients and are a leading wealth manager and a global force in corporate and investment banking and trading.
About the Job:
At Bank of America, our purpose is to improve financial lives through connection, guided by Responsible Growth. We foster a diverse and inclusive workplace with ample opportunities for learning and career advancement.
The Senior Manual Ethical Hacking role within our Cyber Security Assurance Offensive Security group is a key technical position focused on assessing the security resilience of the bank’s applications against malicious activity.
You will lead and conduct ethical hacking assessments across various technologies (web UI/APIs, mobile, cloud) and their source code, adapting methods to new threats. This involves research, understanding security policies, collaborating with partners, identifying vulnerabilities, and reporting risks. You’ll partner closely with security teams, CIO clients, and multiple business lines.
Key Responsibilities:
- Analyze internal and external threats to predict future behavior.
- Incorporate threat actor tactics into offensive security testing to find high-impact vulnerabilities.
- Develop Proof-of-Concepts for exploitation.
- Assess the security, effectiveness, and practicality of technology systems.
- Apply innovative thinking to improve offensive security processes and products.
- Prepare and present detailed technical information in reports and notifications.
- Provide clear and practical risk management advice.
- Develop advanced technical and leadership skills, mentoring junior assessors.
- Respond to security incidents and provide technical assistance.
Required Skills:
- Minimum of 5 years of professional pentesting, application security, or ethical hacking experience in a large enterprise.
- Deep technical knowledge in at least 5 of: security engineering, application architecture, authentication/security protocols, session management, applied cryptography, communication protocols, mobile frameworks, SSO, exploit automation, Web APIs, Cloud, LLM security.
- Ability to manually identify and reproduce findings, discuss remediation, develop PoCs, use scripting/coding, proficiently use pentesting tools, triage incidents, and produce high-value findings.
- Strong experience in manual web application assessments (OWASP Top 10).
- Experience in manual code reviews for security issues.
- Experience with DAST/SAST tools.
- Knowledge of network/web protocols (UNIX/Linux, TCP/IP, cookies).
- Experience with vulnerability assessment tools and pentesting techniques.
- Solid programming/debugging skills, development frameworks, CVE/CWE research.
- Threat analysis, threat modeling, and SBOM analysis.
- Innovative thinking and threat actor simulation skills.
- Technology systems assessment and technical documentation skills.
- Advisory skills for risk management.
Desired:
- Relevant certifications (CEH, OSCP, etc.), PortSwigger BSP Academy, cloud certifications, INE Pentester Academy.
- Strong programming/scripting skills.
This job will be open for applications for at least seven days.
Shift: 1st shift (United States of America)
Hours Per Week: 40