Bank of America Application Security Consultant (Java, .NET) in Chicago, Illinois
Application Security Consultant (Java, .NET)
Denver, Colorado; Annandale, Virginia; Chicago, Illinois; Addison, Texas
Static Application Security Testing (SAST) is the process of scanning source code for security vulnerabilities and manually triaging the results. Dynamic Application Security Testing (DAST) scans running applications for exploitability. The Application Security Consultant at Bank of America conducts SAST testing and correlates the results with DAST to determine the true risk an internally developed application presents to the Bank.
On a daily basis, Application Security Consultants (ASC) will scan the source code of the Bank's critical web and mobile applications and manually triage the results. They will correlate these results with DAST and conduct follow-on penetration tests as needed. They will also continuously advise development teams at the Bank on how to remediate issues, including coding proof-of-concept solutions. Application Security Consultants (ASC) will collaborate on a larger Information Security team, which includes ethical hackers and Application Security Engineers (ASE).
Core responsibilities include:
Conducting static analysis (source code scanning)
Correlating static and dynamic analysis results and running dynamic scans (penetration testing)
Advising dev teams on secure coding practices for addressing findings
Coding proof of concepts to demonstrate security remediation
Collaborating with application security engineers to tune scanners
Core languages under analysis include Java and .NET (web) and Android and iOS (mobile).
Qualified candidates will have:
Four-year degree in computer science or a related field and/or five years' experience in enterprise-grade software development
Extensive enterprise development experience in Java and/or .NET languages
Provable understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps
Excellent written and oral communication skills
Experience with Android / iOS mobile platforms
Experience performing code reviews / reviewing results of static analysis tools
Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and remediation recommendations
Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc., and how to identify, trace and remediate them
Understanding of OWASP Top 10
Enterprise Role Overview - As an experienced professional, provides advice to client management with regard to moderately complex security issues. Assists in the review, development, testing and implementation of security plans, products and control techniques. Coordinates the reporting of data security incidents. Provides technical support to the client, management and staff in risk assessments and implementation of appropriate data security procedures and products. Monitors existing and proposed security standard-setting groups and state and federal legislation and regulations. Identifies and escalates changes that will affect information security policy, standards and procedures. Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs. Researches attempted efforts to compromise security protocols. Administers security policies to control access to systems and maintains the company firewall. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques and evaluation criteria for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.
1st shift (United States of America)
Hours Per Week:
Manages People: No
Travel: Yes, 5% of the time
Talent Acquisition Contact:
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
The "EEO is the Law" poster is available at https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf .
The "EEO is the Law" Supplement is available at https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCPEEOSupplementFinalJRFQA508c.pdf .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
To view Bank of America's Drug-Free Workplace and Alcohol Policy, CLICK HERE.