Bank of America Information Security Ethical Hacker in Chicago, Illinois

Job Description:

Global Information Security’s Operation Control Testing (OCT) will improve Bank of America's security posture by employing advanced assessment techniques to identify control weaknesses across the Enterprise. The Operation Control Testing (OCT) will conduct active control assessments to reduce audit findings, establish non-biased, automated QA testing, and perform security control exploitation tests. The assessment methodology will ensure FFIEC regulatory requirements for independently testing key security controls are met.

Required Skills:

  • Mastery of Operating Systems - Wintel & Linux

  • Knowledge of Networking & Network Protocols -TCP/IP, HTTP, HTTPS

  • Knowledge of Pen Testing tools for Domain Name Service (DNS) – Nslookup, Dig, DNS Harvesting, Fierce Domain Scanner, DNSRecon

  • Knowledge of Known Vulnerabilities - Heartbleed, Shellshock, Poodle, SQL Injection, Blind SQL Injection

  • Knowledge of Industry Standard Security Control Tools - FireEye, Symantec Data Loss Prevention (Vontu), Proof Point, Guardium, Bluecoat, ARBOR, WAF

  • Self Motivated & Ability to think Outside the Box (imaginative, Creative, Innovative,

  • Resourceful)

  • Strong Communication skills with ability to present technical findings at high level to non-technical senior leaders

  • Strong Presentation & Documentation skills

  • Experience with:

  • SQL Injection

  • Cross Site Scripting

  • Cross Site Request Forgery

  • Buffer Overflow

  • Man-in-the-middle techniques

  • Disassembly/Reverse Engineering

  • Tools. (One or more of the following required)

  • Nessus

  • Burp Suite Pro


  • AppScan

  • Metasploit

  • Nmap

  • Familiarity with both Microsoft and Unix/Linux platforms

Desired Skills:

  • Certifications (One or more of the following preferred): CISSP, CISA, CEH, GPEN, OSCP, SANS Security Background

  • Highly Skilled at Networking Typology

  • Highly Skilled at Ethical Hacking

  • Strong Security Control Understanding

  • Highly Skilled Unix, Linux, and Windows

  • Highly Skilled in Database and Code Review

  • Well Organized

  • Risk Management Understanding

  • Technical Background

  • Well Spoken

  • Strong Technical Writer

  • Self Motivated

  • Intuitive

  • Outside the Box Thinker

  • Emerging Threats and Zero-Day Exploits

  • Languages. (Preferred)

  • .NET

  • Java

  • PHP

  • Python

  • Perl

Enterprise Role Overview

Key individual contributor, with accountability for researching, designing, engineering, implementing, and supporting information security & directory technology systems (software & hardware). Utilizes in-depth technical knowledge and business requirements to design & implement secure solutions to meet customer / client needs while protecting the Bank's assets. Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse environment (e.g. client server, distributed, mainframe, etc.). Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.

Posting Date : 08/07/2017

Location : US-CA-Simi Valley, US-IL-Chicago, US-NC-Charlotte, US-TX-Addison

Travel : Yes, 5% of the time

Full / Part-time : Full time

Hours Per Week : 40

Shift : 1st shift

Assistance for Applicants with Disabilities

Bank of America is committed to ensuring that our online application process provides an equal employment opportunity to all job seekers, including individuals with disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to submit an application, please visit the Applicants with Disabilities page at .

Diversity & Inclusion

At Bank of America, our commitment to diversity and inclusion is helping us to create not only a great place to work, but also an environment where our employees, our customers and our communities around the world can reach their goals and connect with each other. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Frequently Asked Questions

Need to know how to apply online, view a list of your submitted job applications or reset your password? Visit our FAQ at section for answers to these questions and more.