About Us
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work and providing a culture of caring is core to how we drive Responsible Growth. We are intentional about fostering an inclusive workplace where every teammate has the opportunity to succeed, build a career and contribute to our shared success. This includes attracting and developing exceptional talent, recognizing and rewarding performance, and supporting our teammates’ physical, emotional, and financial wellness through affordable, competitive and flexible benefits. We value the unique perspectives individuals bring from all backgrounds and career paths - whether shaped by military service, community college education, or a wide range of work and life experiences. These journeys foster resilience, leadership and innovation, strengthening our workforce and positively impact the communities we serve. Bank of America is committed to an in-office culture that supports collaboration, engagement, and career development. Our approach includes clear in-office expectations, while providing an appropriate level of flexibility based on role-specific responsibilities and business needs. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
Global Business Services
Global Business Services delivers Technology and Operations capabilities to Lines of Business and Staff Support Functions of Bank of America through a centrally managed, globally integrated delivery model and globally resilient operations.
Global Business Services is recognized for flawless execution, sound risk management, operational resiliency, operational excellence, and innovation.
In India, we are present in five locations and operate as BA Continuum India Private Limited (BACI), a non-banking subsidiary of Bank of America Corporation and the operating company for India operations of Global Business Services.
Process Overview*
Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates global security operations center that monitor, detects and responds to cybersecurity incidents. Within GIS, the Cloud Security organization is responsible for leading a team of deeply technical cyber security engineers and architects to design and implement best in class cyber security capabilities for internal and external cloud instances in partnership with infrastructure and application technology teams. In addition, lead efforts across other Global Information Security functions to enable cyber security technology and operations in cloud environments.
Job Description*
This role is for GIS Penetration testing team to conduct penetration tests and source code reviews of our internal/external web, mobile, web, and web API service applications, leveraging both manual techniques as well as automated tools to uncover and report security vulnerabilities that exist. You must be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate complex technical concepts such as security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security. You must have the ability to work independently in a very large scale, enterprise setting and collaborate with peer team members. Previous experience as an application security professional with a large Financial Institution a plus.
Requirements*
Education*: B.E. / B. Tech/M.E. /M. Tech
Certifications, If Any*: GWAPT, CEH, OSCP, SANS, CEH
Experience Range*: 10+ years
Foundational Skills*:
Strong hands-on experience in conducting comprehensive manual penetration tests and source code reviews against web, API, mobile applications, services, platforms, systems, and networks to identify security vulnerabilities.
Solid experience in using various security tools such as Invicti, SoapUI, Burp Suite Pro, Checkmarx, Kali Linux, Metasploit, etc.
Very Good Communication & Interpersonal skills.
Knowledge of network and Web related protocols/technologies.
Experience with latest penetration testing techniques (e.g., web application proxies, packet capture analysis software, browser extensions, advanced penetration testing tools (full stack), Linux distributions, Windows OS, etc.).
Experience of penetration testing on mobile platforms such as iOS, Android, and mobile device simulators.
Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Python, Perl, Shell script, Objective-C, and SOAP/REST web APIs.
Expert-level experience and knowledge in the following areas:
Authentication and security protocols.
Application session management.
Applied cryptography.
Common communication protocols.
Mobile frameworks.
Single sign-on technologies.
Development frameworks (Angular, React, etc.).
Exploit automation platforms.
Knowledge of a Structured Query Language.
Developer experience or coding background (nice-to-have).
Desired Skills*:
Experience of penetration testing and source code reviews on web, API and mobile platforms.
Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C, and SOAP/REST web APIs.
Work Timings*: 11:00 AM to 8:00 PM
Job Location*: Mumbai, Hyderabad, Chennai