Manual Ethical Hacker

**Your background**
- Experience in conducting Threat Modeling
- Knowledge of network and Web related protocols/technologies
- Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
- Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C
- Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript)
- Mobile programming abilities such as Xcode, Objective-C
- Knowledge of a Structured Query Language

Competencies:

- The ability to work independently and as part of a team, in a very large scale, enterprise setting
- Intellectually Curious
- Consistently thinks like a threat actor
- Ability to clearly communicate (written & verbal) business risk associated with a given vulnerability
- Adaptable & Flexible approach to work

Qualifications:

- BS/MS in Computer Science (or relevant work experience in a large scale IT environment)
- Additionally penetration testing specific qualifications would preferably include one or more from the following list:

- CREST Registered Penetration Testers (CRT)
- CREST Certified Web Application Tester
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Offensive Security Exploitation Expert (OSEE)
- Offensive Security Web Expert (OSWE)
- SANS GIAC Penetration Tester (GPEN)
- SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SANS GIAC Web Application Penetration Tester (GWAPT)
- Certified Ethical Hacker (CEH)

**What you can expect**

**What you will do**

Responsibilities include, but are not limited to:

- Monitoring existing and proposed security standard setting groups
- Conducting meetings to communicate the findings and implications to stakeholders
- Performing vulnerability fix verification testing in support of the remediation
- Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
- Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created
- Sharing knowledge with technical and non-technical colleagues directly and through training sessions
- Ensuring identified risks are managed effectively
- Contributing to the development and enhancement of the control function
- Translate requirements into test plan, write and execute test scripts or codes in line with standards and procedures to determine vulnerability to attacks.

**About Bank of America**

Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 35 countries. In the U.S. alone, we serve almost all of the Fortune 500 companies and approximately 67 million consumer and small-business clients. We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.

**Connecting Asia Pacific to the world**

Our Asia Pacific team is spread across 19 cities in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities. Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region’s leading financial services companies.