Senior Adaptive Threat Replication Engineer

Senior Adaptive Threat Replication Engineer Locations: Denver, Colorado; Seattle, Washington; Addison, Texas; Richmond, Virginia; Jersey City, New Jersey; Boston, Massachusetts; Charlotte, North Carolina; Washington, District of Columbia; Jacksonville, Florida; Chicago, Illinois Job Description: At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities, and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. The Cyber Security Assurance Division is looking for a Senior Adaptive Threat Replication Engineer to join a team of world-class offensive security professionals. In this role, you will diligently hunt for high-risk vulnerabilities across the bank’s global technology environment. Understanding security policy and compliance is important, but your focus will be to identify exploitable vulnerabilities. This is a highly technical role that requires broad technical knowledge and a deep understanding of threats and threat TTPs. You will lead and participate in advanced technical assessments that leverage red team, penetration testing, and vulnerability assessment tools and techniques. Key Responsibilities: Lead and perform assessments of the bank's technologies, applications, and cyber security controls. Adapt testing methods to evolving and emerging threats. Coordinate with senior leadership on development projects. Mentor junior engineers and assist monitoring and response functions. Identify misconfigurations and vulnerabilities and report associated risks. Required Skills: 5+ years of professional offensive security experience. Ability to critically examine an organization and articulate risk to technical and non-technical audiences. Proficiency with tools associated with red teaming and penetration testing (e.g., Metasploit, Burp Suite, Cobalt Strike, Kali). Solid understanding of voice and data networks, major operating systems, and active directory. Knowledge of tactics, techniques, and procedures associated with malicious insider activity and threats. Ability to effectively code in a scripting language (Python, Perl, etc.). Advisory, innovative thinking, technical documentation, technology system assessment, and threat analysis skills. Desirable Skills: Certifications: OSCP, GPEN, GXPN, OSCE, GWAPT. Ability to work remotely if necessary. Previous experience in the financial industry. 5-10 years of experience in technology and offensive security assessments. Shift:

1st shift (United States of America) Hours Per Week:

40

#J-18808-Ljbffr