Manual Ethical Hacking Specialist, Global Information Security
2 months ago
Your background
Skills:
· Experience in conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Remote Code Execution, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, etc.)
· Experience in conducting Threat Modeling
· Knowledge of network and Web related protocols/technologies
· Experience with web application vulnerability scanning tools (e.g. IBM AppScan, NetSparker, Burp Suite Pro etc.)
· Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
· Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
· Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C
· Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript)
· Mobile programming abilities such as Xcode, Objective-C
· Knowledge of a Structured Query Language
· Expert-level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services
Competencies:
· The ability to work independently and as part of a team, in a very large scale, enterprise setting
· Previous experience as an application security professional with a large Financial Institution is a plus
· Intellectually Curious
· Consistently thinks like a threat actor
· Demonstrated ability to learn and apply critical thinking to a variety of situations
· Ability to clearly communicate (written & verbal) business risk associated with a given vulnerability
· Adaptable & Flexible approach to work
· Ability to demonstrate manual web application testing experience
Qualifications:
· BS/MS in Computer Science (or relevant work experience in a large scale IT environment)
· Additionally penetration testing specific qualifications would preferably include one or more from the following list:
o CREST Registered Penetration Testers (CRT)
o CREST Certified Web Application Tester
o Offensive Security Certified Professional (OSCP)
o Offensive Security Certified Expert (OSCE)
o Offensive Security Exploitation Expert (OSEE)
o Offensive Security Web Expert (OSWE)
o SANS GIAC Penetration Tester (GPEN)
o SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
o SANS GIAC Web Application Penetration Tester (GWAPT)
o Certified Ethical Hacker (CEH)
What you can expect
The Cyber Security Assurance (CSA) department is responsible for providing an uncompromised technology and application environment for employees, customers, clients, and shareholders through continuous comprehensive cyber security testing. CSA consists of multiple assessment teams that focuses on different technology, platform, and stakeholders.
As a Manual Ethical Hacking Specialist, you will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.
You will be knowledgeable with business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerability specifics.
What you will do
Responsibilities include, but are not limited to:
· Understanding the requirements of the applications and how to use them
· Testing applications using a variety of tools to identify vulnerabilities that could expose the Bank to risk
· Monitoring existing and proposed security standard setting groups
· Conducting meetings to communicate the findings and implications to stakeholders
· Performing vulnerability fix verification testing in support of the remediation
· Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
· Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created
· Sharing knowledge with technical and non-technical colleagues directly and through training sessions
· Ensuring identified risks are managed effectively
· Contributing to the development and enhancement of the control function
· Design and perform tests and check cases to determine if infrastructure components, systems and applications meet confidentiality, integrity, authentication, availability, authorization, and non-repudiation standards.
· Translate requirements into test plan, write and execute test scripts or codes in line with standards and procedures to determine vulnerability to attacks.
· Certify infrastructure components, systems and applications that meet security standards.
About Bank of America
Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 35 countries. In the U.S. alone, we serve almost all of the Fortune 500 companies and approximately 67 million consumer and small-business clients. We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.
Connecting Asia Pacific to the world
Our Asia Pacific team is spread across 19 cities in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities. Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region’s leading financial services companies.
Tell employers what skills you have
Web Service
Application Architecture
Application Security
Vulnerability Scanning
Exploitation
Cryptography
Penetration Testing
Xcode
Aspnet Ajax
Vulnerability Assessment
Burp Suite
Threat Modeling
We have other current jobs related to this field that you can find below
-
Information Security Specialist
3 weeks ago
Singapore Castlery Full timeCastlery is looking for an Information Security Specialist to join our Information Security team, which is a newly created team that manages IT and Information Security for Castlery's global operations and technology infrastructure.In this newly created role, the Information Security Specialist would be one of the pioneer members that would help plan, drive,...
-
Singapore AMBITION GROUP SINGAPORE PTE. LTD. Full timeRoles & ResponsibilitiesSenior Information Security Compliance Specialist for a Leading Global Law FirmLeading Global Law FirmOpportunity to drive Information Security Compliance and ensure Data Protection and GovernanceRegional Exposure and Opportunity to Travel to Regional and Global OfficesOur client, a distinguished global law firm with a presence in 29...
-
Information Security Specialist
3 weeks ago
Singapore Capital Group Companies Full timeRole Summary: Reporting into the Regional Head of Information Security, APAC, the Information Security Specialist will be supporting the RISO in aligning control standards of the enterprise Information Security program with cyber regulatory requirements in APAC and other Capital Group operating locales.Partnering closely with regional L&C and the Office of...
-
Security Specialist
3 weeks ago
Singapore SQUAREPOINT OPERATIONS PRIVATE LIMITED Full timePosition: IT Security Specialist**Business Area: Technology OperationsSquarepoint is a global investment management firm that utilizes a diversified portfolio of systematic and quantitative strategies across financial markets that seeks to achieve high quality, uncorrelated returns for our clients. We have deep expertise in trading, technology and operations...
-
Information Technology Security Specialist
3 weeks ago
Singapore EXASOFT PTE. LTD. Full timeAs an Information Technology Security Specialist (Network/System), you will be responsible for implementing and maintaining robust security measures to protect our network and system infrastructure from cyber threats, unauthorized access, and data breaches. You will work closely with cross-functional teams to assess security risks, develop mitigation...
-
Investigator, Ethics
3 weeks ago
Singapore LENOVO (SINGAPORE) PTE. LTD. Full timeRoles & ResponsibilitiesDescription and Requirements To help enforce our core values of integrity and trust, Lenovo is seeking an experienced investigator to play a key role in Lenovo's global ethics and compliance program. The position will be based in Singapore reporting to the Investigations Manager in Ethics & Compliance. This role will support the...
-
Lead Information Security Specialist
3 weeks ago
Singapore Singtel Full timeLead Information Security Specialist:Date:28 Aug 2023Location: Singapore, SingaporeCompany:Singtel Group At Singtel, our mission is to Empower Every Generation. We are dedicated to fostering an equitable and forwardthinking work environment where our employees experience a strong sense of Belonging, to make meaningful Impact and Grow both personally and...
-
Information Security
3 weeks ago
Singapore Bank of Singapore Full timeAt Bank of Singapore, we are constantly on the lookout for exceptional individuals to join our team. We promote a culture of openness, teamwork and fairness. Most importantly, we invest in our people through our programmes that develop them on both professional and personal levels. Besides attractive remuneration packages, we offer non-financial benefits and...
-
Offensive Security Consultants
3 weeks ago
Singapore Ambition Full timeJob details:Posted 28 March 2024SalaryS$ S$ per month + BonusLocationSingaporeJob type PermanentDisciplineTechnologyReference272306_ Join us in the fight against digital dastardliness.WANTED: Penetration Tester Extraordinaires. I am on the hunt for (Senior) Security Consultants - Penetration Testers.But not just any run-of-the-mill hacker. We need someone...
-
Information Governance Specialist
3 weeks ago
Singapore TikTok Full timeResponsibilitiesTikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. TikTok has global offices including Los Angeles, New York, London, Paris, Berlin, Dubai, Singapore, Jakarta, Seoul and Tokyo.Why Join UsCreation is the core of TikTok's purpose. Our platform is built to help imaginations thrive....
-
Information Technology
3 weeks ago
Singapore Singapore Airlines Limited Full timeJob Description You will be a member of the Group Information Security Team responsible for responding to threats and incidents to the corporate networks, systems (on-prem and cloud) and digital assets.Key Responsibilities:• Lead and drive major incidents towards mitigation and resolution with multiple counterparts• Manage and track incidents from...
-
Information Technology
3 weeks ago
Singapore Singapore Airlines Limited Full timeJob DescriptionYou will be a member of the Group Information Security Team responsible for ensuring that IT solutions (both applications and infrastructure) are developed and designed with security inbuilt. Key Responsibilities • Provide security consultancy, technical guidance, expertise, solutioning and education for en-terprise.• Advise application...
-
Information Technology
3 weeks ago
Singapore Singapore Airlines Limited Full timeJob Description You will be a member of the Group Information Security Team responsible for initiating, implementing and maintaining security products and solutions to support enterprise security.Key Responsibilities Subject matter expert (SME) for the security systems owned by the Information Security Team. Ensure security systems are utilised to their...
-
Information Technology
3 weeks ago
Singapore Singapore Airlines Full timeYou will be a member of the Group Information Security Team (with Scoot) responsible for responding to threats and incidents to the corporate networks, systems and digital assets.Key Responsibilities include: Respond, assess and investigate security events. Perform indepth analyse and assess vulnerabilities, IOCs, cyber security intelligence, forensics and...
-
Senior Information Security Risk Manager
3 weeks ago
Singapore Sygnum Full timeAbout the teamOur CISO team's mission is to be in the vanguard of digital banking security, fostering a safe and prosperous financial future for our stakeholders while setting pioneering new industry standards for security and trust in the digital age.About YouYou are a dedicated and seasoned Information Security Risk Manager, passionate about safeguarding...
-
Cyber Security Specialist
3 weeks ago
Singapore HORIZON SOFTWARE PTE. LTD. Full timeJob briefWe are looking for a Cyber Security Specialist to join our team to work closely withthe stakeholders to ensure that cyber security projects meet objectives across ourorganization. They are responsible for various tasks, including process re- engineering and documentation of activities related to this area.A Cyber Security Specialist's...
-
Security Analysis Senior Specialist
1 month ago
singapore NTT DATA Services Full timeReq ID: 281981 NTT DATA Services strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Security Analysis Senior Specialist to join our team in singapore, Central Singapore (SG-01),...
-
Security Analysis Senior Specialist
3 weeks ago
singapore NTT DATA Services Full timeReq ID: NTT DATA Services strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.We are currently seeking a Security Analysis Senior Specialist to join our team in singapore, Central Singapore (SG-01), Singapore...
-
Regional Cyber Security Specialist
3 weeks ago
Singapore Eames Consulting Full timeRegional Cyber Security SpecialistEames Consulting Singapore Posted 2 days ago Permanent up to $120,000 per annum + bonus Regional Cyber Security Specialist Job DescriptionAre you an experienced cyber security professional with strong technical knowledge in security engineering and architecture, and have progressed on to roles that are focused on cyber...
-
Information Security Analyst
3 weeks ago
Singapore Techfellow Full timeAPAC, SingaporePermanentJob ID: 2019[c. S$150k Comp Package, Hybrid Working]Seize an opportunity to join a prestigious high-frequency proprietary trading firm, seeking to bolster their Global Cybersecurity team in Singapore. As an Information Security Analyst, your role will transcend merely improving the firm's security stance. Through diligent monitoring,...
