Static Application Security Testing (SAST) is the process of scanning source code for security vulnerabilities and manually triaging the results. Dynamic Application Security Testing (DAST) scans running applications for exploitability. The Application Security Consultant at Bank Of America conducts SAST testing and correlates the results with DAST to determine the true risk an internally-developed application presents to the Bank.
On a daily basis, Application Security Consultants (ASC) will scan the source code of the Bank’s critical Web and mobile applications and manually triage the results. They will correlate these results with DAST and conduct follow-on penetration tests as needed. They will also continuously advise development teams at the Bank on how to remediate issues, including coding proof-of-concept solutions. Application Security Consultants (ASC) will collaborate on a larger Information Security team, which includes ethical hackers and Application Security Engineers (ASE).
Core responsibilities include:
- Conducting static analysis (source code scanning)
- Correlating static and dynamic analysis results and running dynamic scans (penetration testing)
- Advising dev teams on secure coding practices for addressing findings
- Coding proof of concepts to demonstrate security remediation
- Collaborating with application security engineers to tune scanners
Core languages under analysis include Java and .NET (web) and Android and iOS (mobile).
Qualified candidates will have:
- Four-year degree in computer science or related field and/or five years' experience in enterprise-grade software development
- Extensive enterprise development experience in Java and/or .NET languages
- Provable understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps
- Excellent written and oral communication skills
- Experience with Android / iOS mobile platforms
- Experience performing code reviews / reviewing results of static analysis tools
- Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and remediation recommendations
- Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc., and how to identify, trace and remediate them
- Understanding of OWASP Top 10
Enterprise Role Overview - As an experienced professional, provides advice to client management with regard to moderately complex security issues. Assists in the review, development, testing and implementation of security plans, products and control techniques. Coordinates the reporting of data security incidents. Provides technical support to the client, management and staff in risk assessments and implementation of appropriate data security procedures and products. Monitors existing and proposed security standard-setting groups and State and Federal legislation and regulations. Identifies and escalates changes that will affect information security policy, standards and procedures. Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs. Researches attempted efforts to compromise security protocols. Administers security policies to control access to systems and maintains the company firewall. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criteria for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.
Posting Date: 07/11/2019
Locations (United States):
- Denver, CO, Union Station, 1801 16th St
- Chicago, IL, 135 S LA SALLE ST (IL4135)
- Addison, TX, 16001 N Dallas Pkwy (TX8044)
- Annandale, VA, BANK OF AMERICA MORTGAGE, 7619 LITTLE RIVER TPKE
Travel: Yes, 5% of the time