Penetration Tester

We are currently hiring for a Penetration Tester role with Bank of America (BA Continuum India Pvt. Ltd.), a leading global financial institution known for innovation, security excellence, and world-class technology infrastructure.

• Position: Penetration Tester
• Organization: Bank of America (BA Continuum India Pvt. Ltd.)
• Experience: 4 to 10+ Years
• Education: B.E / B.Tech / M.E / M.Tech
• Work Timings: 11:00 AM – 8:00 PM
• Location : Hyderabad/Mumbai/Chennai

Process Overview

Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank's Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates global security operations center that monitor, detects and responds to cybersecurity incidents. Within GIS, the Cloud Security organization is responsible for leading a team of deeply technical cyber security engineers and architects to design and implement best in class cyber security capabilities for internal and external cloud instances in partnership with infrastructure and application technology teams. In addition, lead efforts across other Global Information Security functions to enable cyber security technology and operations in cloud environments.

Job Description

This role is for GIS Penetration testing team to conduct penetration tests and source code reviews of our internal/external web, mobile, web, and web API service applications, leveraging both manual techniques as well as automated tools to uncover and report security vulnerabilities that exist.

You must be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate complex technical concepts such as security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security.

You must have the ability to work independently in a very large scale, enterprise setting and collaborate with peer team members. Previous experience as an application security professional with a large Financial Institution a plus.

Requirements

Education: B.E. / B. Tech/M.E. /M. Tech

Certifications, If Any: GWAPT, CEH, OSCP, SANS, CEH

Experience Range: 4 to 10+ years

Foundational Skills:

• Strong hands-on experience in conducting comprehensive manual penetration tests and source code reviews against web, API, mobile applications, services, platforms, systems, and networks to identify security vulnerabilities.
• Solid experience in using various security tools such as Invicti, SoapUI, Burp Suite Pro, Checkmarx, Kali Linux, Metasploit, etc.
• Very Good Communication & Interpersonal skills.
• Knowledge of network and Web related protocols/technologies.
• Experience with latest penetration testing techniques (e.g., web application proxies, packet capture analysis software, browser extensions, advanced penetration testing tools (full stack), Linux distributions, Windows OS, etc.).
• Experience of penetration testing on mobile platforms such as iOS, Android, and mobile device simulators.
• Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Python, Perl, Shell script, Objective-C, and SOAP/REST web APIs.

• Expert-level experience and knowledge in the following areas:

1. Authentication and security protocols.
2. Application session management.
3. Applied cryptography.
4. Common communication protocols.
5. Mobile frameworks.
6. Single sign-on technologies.
7. Development frameworks (Angular, React, etc.).
8. Exploit automation platforms.

• Knowledge of a Structured Query Language.
• Developer experience or coding background (nice-to-have).

Desired Skills:

• Experience of penetration testing and source code reviews on web, API and mobile platforms.
• Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C, and SOAP/REST web APIs.