Security Engineer jobs at Capital Group - 426 jobs

A leading procurement platform company in San Francisco is seeking a Software Engineer to develop core identity products like authentication and encryption key management. The role requires experience in web application and API development, particularly with Python, Typescript, React, and GraphQL. The salary range is competitive, between $150,000 - $180,000, and the company offers a variety of perks, including start-up equity and flexible PTO. Apply now and join a diverse and inclusive company culture. #J-18808-Ljbffr

A financial services company in San Francisco is seeking an experienced security professional to assess access controls and mentor peers in security best practices. The candidate should have over 6 years of experience in security operations and a Bachelor's degree. The role offers competitive compensation ranging from $157,000 to $200,000, along with a hybrid work model and comprehensive benefits. #J-18808-Ljbffr

This remote position supports cybersecurity governance by performing risk and control self-assessments (RCSAs), evaluating cybersecurity controls, and supporting key risk management processes. The role helps identify risk and control gaps, assess cyber risks, and recommends improvements to strengthen the organizations cyber posture. The position provides risk analysis, documentation, and control development support across cybersecurity teams, acting as a resource for process owners and contributing to continuous improvement initiatives. Responsibilities Execute cybersecurity process level RCSAs in partnership with business function owners and stakeholders Document risk and controls assessment results, risk ratings, and supporting evidence in accordance with Enterprise Risk Standards Draft, update, and refine control risk and control statements to ensure clarity, effectiveness, and alignment with cybersecurity processes Review existing risks and controls for design effectiveness, identifying gaps, inconsistencies, or opportunities for improvements Partner with business function owners to periodically update inherent and residual risk ratings for process level risks Assist cybersecurity teams with updating control effectiveness and control environment ratings on a regular cadence Evaluate cybersecurity risks and controls against Enterprise Policies and Standards, regulatory requirements, and industry standards Support remediation planning by documenting gaps, improvement recommendations, and target-state control enhancements Participate in projects, assessments, or escalated tasks requiring risk and control expertise Qualifications Bachelor's Degree and 8 years of experience in Information security, cybersecurity, risk management, or a related field OR High School Diploma or GED and 12 years of experience in Information security, cybersecurity, risk management, or a related field Experience performing risk assessments, RCSAs, or controls testing Working knowledge of cybersecurity processes, controls and risk concepts Familiarity with frameworks such as NIST CSF, NIST SP 800-53 Ability to write clear, actionable control statements and assessment findings Strong analytical, documentation, and communications skills Ability to work collaboratively with technical and non-technical stakeholders Preferred 4-7 years of experience in Information or cyber security risk or control assessment Experience supporting cybersecurity programs within a financial institution or regulated environment Certifications such as Security+, SSCP, CISA, CISM, CISSP, CRISC Understanding of threat landscapes, IT processes, and common control frameworks Experience supporting process improvements, control rationalization, or evidence evaluation The base pay for this position is generally between $120,000 and $180,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment. This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at **************************************** #J-18808-Ljbffr

Application Deadline: 10/31/2025 Job Family Group: Audit, Risk & Compliance Identifies, assesses, remediates and reports all non-financial risks related to the area of expertise and ensures these risks are managed within the Bank's risk appetite. Delivers expert advice, credible challenge, and effective oversight across to identify, assess, control, and manage these risks throughout the company. Provides strategic, future-forward vision for the maturity of risk domains leveraging more predictive analytics. Plays a critical role in ensuring the company's risk-taking entities are aware of risks, the impact on the enterprise, and opportunities to reduce, mitigate, or avoid risks. As an Operational NFR leader, works closely with ERPM and with other businesses and functions across the enterprise. Core responsibilities include: Oversight over 1st line activities establishing risk frameworks required to mitigate Non-Financial Risk exposures, to comply with regulatory requirements, Corporate Policies, Corporate Standards and other published directives that support these policies and standards Subject matter expertise, specialist support, and oversight for transactions and circumstances representing significant risk exposures to the Enterprise Ensures alignment between risk framework and NFRMF for consistency and to support aggregation of results; reviews, provides Effective Challenge and monitors sub-risks so that the Non-Financial Risk Profile is consistent with business strategy Ensures appropriate actions are underway to manage significant Non-Financial Risk exposures, providing Effective Challenge and oversight as appropriate Implements and maintains a monitoring, surveillance and/or assessment function that provides reasonable assurance of compliance with policies and frameworks Monitors non-financial sub-risks to ensure exposures are within Enterprise Non-Financial Risk tolerances and recommends corrective actions to Operating Groups / Corporate Services when outside tolerances Reviews and recommends changes to processes or procedures, and oversees any significant business unit corrective actions as necessary Reports an independent Non-Financial Risk Profile for their sub-risk category, or as required by the NFRMF Leads the Operational NFR risk oversight team, establishing a solid understanding of internal and external NFR risks that can impact the organization's overall business and value chain Assesses and enhances the organization's NFR sub-risk capability maturity; maintains and updates risk models, identifies and develops innovative risk assessment techniques, and incorporates data-driven risk assessment that is end-to-end Provides independent expertise during capability maturity reviews, prepares independent assessments of maturity levels, and develops reports for senior management. Identifies and assesses alternative approaches to risk mitigation and advises leadership on trade-offs Speaks authoritatively with regulatory officials regarding controls, the risk management framework, and emerging threats As part of the second line of defense, collaborates with corporate areas, technology, Lines of Business, and other risk management offices to evaluate the firm's NFR sub-risk capability maturity levels and offers independent advice for further mature risk management capabilities; helps identify new/emerging NFR sub-risks and integrates capability maturity assessment with other risk programs Contributes to clarity of roles and accountabilities within the organization and refines team and portfolio structure Manages independent evaluations of the firm's information security, cybersecurity, cloud and technology capabilities, and provides expertise to accelerate maturity of cyber capabilities Identifies and develops quantitative assessments of vulnerabilities, risks and remediation strategies; provides insights to senior leaders, regulators, and the Board as needed Drives a risk management focus with a customer/resilience lens that supports the bank's digital strategy while maintaining soundness Stays current on emerging NFR sub-risk threats and mentors more junior team members Collaborates effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives Leads program-related activities to ensure effective collaboration within the team and across stakeholder groups Ensures initiatives comply with regulatory standards and corporate policies and considers impact on profitability and firm reputation Understands and helps manage key NFR sub-risks impacting operations and business functions Collaborates with business partners and Enterprise functions to design target state and interim NFR risk management tool architecture Drives evolution of the NFR sub-risk function and appetite view and reporting requirements Leads development and implementation of key risk indicators (KRIs) and KPIs that are risk-sensitive and adapt to new threats Promotes and supports the Bank's risk culture, ensuring employees understand risk-taking accountabilities and fostering open communication and effective challenge Complies with the Bank's Risk Appetite framework and ensures activities remain within limits and regulatory requirements Models simplicity and productivity improvements for optimization across groups and drives continuous improvement Promotes a winning culture aligned with Purpose and drives engagement and execution Fosters diversity, equity and inclusion and creates an inclusive environment Develops leaders, plans for succession, and fosters a high-performance culture Drives top talent acquisition and retention and builds organizational capabilities Leads and mentors a team with diverse risk and business experience Leads and reinforces customer focus to support the Bank's vision Role models customer-focus and drives sustainable improvements in loyalty and growth Adheres to and supports enterprise customer experience and brand standards Qualifications: Certified Fraud Examiner (CFE) and Certified Anti-Money Laundering Specialist (CAMS) credentials Must be a highly skilled NFR sub-risk professional with experience and a proven ability to deliver high-impact results Proven ability to manage a team and work independently in a fast-paced environment Please note the base salary range for this position is USD 230,000.00 to USD 260,000.00 Salary: Pay Type: Salaried The above represents BMO Financial Group's pay range and type. Salaries vary based on location, skills, experience, education, and qualifications, and may include a commission structure. Salaries for part-time roles will be pro-rated based on hours worked. For commission roles, the salary listed represents the target for the first year. BMO Financial Group's total compensation package varies based on pay type and may include incentives, bonuses, and other perks. Benefit details are available at the Total Rewards page. Note: visit: jobs.bmo.com/global/en/Total-Rewards About Us At BMO we are driven by the Purpose: Boldly Grow the Good in business and life. We create lasting, positive change for customers, communities, and people. As a member of the BMO team you are valued, respected and heard, with opportunities to grow and make an impact. We provide tools and resources to reach milestones, including training and coaching, manager support, and network-building opportunities. For more information visit: jobs.bmo.com/us/en BMO is an equal employment opportunity employer. We evaluate applicants without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, gender expression, age, protected veteran status, disability, or any other legally protected characteristic. We also consider applicants with criminal histories as allowed by law. BMO is committed to providing reasonable accommodations to individuals with disabilities. To request accommodations, email ************************** with your contact information and the nature of your request. Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Unsolicited resumes sent to BMO may be considered BMO property. A recruiting agency must have a valid written agency agreement to submit resumes. #J-18808-Ljbffr

Natixis CIB is seeking a dynamic and experienced Vice President of Network Security to lead and enhance our network security infrastructure across the AMER region. This strategic leadership role requires a deep technical understanding of network security and the ability to drive initiatives that protect our systems while mentoring a talented engineering team. The job responsibilities include, but are not limited, to the following: Infrastructure Oversight: Lead the design and administration of Natixis CIB AMER's network security infrastructure, focusing on critical components including DNS, F5 Load Balancers, Fortinet and Palo Alto firewalls, VPNs, proxies, Remote Access and DMZ connectivity. Technology Initiatives: Drive technology projects aimed at enhancing cybersecurity and improving network performance in alignment with organizational goals. Continuous Monitoring: Ensure optimal network performance through continuous monitoring, dashboard creation, promptly addressing any security incidents. Documentation Management: Maintain comprehensive documentation, including network security asset inventories, diagrams, procedures and vendor contacts, to support operational efficiency and facilitate effective communication. Cross-Department Collaboration: Collaborate with infrastructure teams to resolve network-related challenges and ensure seamless operations across departments. Audit and Security Coordination: Work closely with audit and IT Security teams in both AMER and BPCE-IT to provide necessary documentation and implement remediation plans as required. Staff Mentorship and Training: Mentor and train junior engineering staff, fostering a culture of growth and skill development within the network team. Vulnerability Assessments: Conduct vulnerability assessments and manage patching processes to effectively mitigate and report security risks across the AMER region. Security Reporting: Develop and deliver regular security reports to Leadership, highlighting key metrics, incidents, and trends to inform strategic decision-making. LOD1 Security Management: Manage Line of Defense 1 (LOD1) network security controls and request as specified by the IT Risk Department. Strategy Alignment: Coordinate with AMER and Head Office IT Security teams to assure alignment on security strategies and policies. Tool Proficiency: Profiecent knowledge of security tools such as SIEM, Splunk, Centreon and Qualys for effective monitoring and incident response. Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field; Master's preferred. 6+ years of hands-on experience in network security management, preferably within the financial services industry. Extensive experience managing Cisco Firepower, Fortinet and Palo Alto firewalls, including DMZ design implementation. Relevant certifications such as Fortinet NSE 4/5, Palo Alto Networks Certified Network Security Engineer (PCNSE), Cisco CCNP Enterprise and CCNP Security is a plus. Highly desirable CISSP, CISM. Strong project management and leadership experience. Excellent communication and problem-solving skills, with a focus on collaboration and teamwork. Extensive understanding of network technologies - L2, L3, VXLAN, BGP, LAN/WAN/VPN Extensive understanding of security technologies such as firewall, load balancing, proxy, authentication methods Strong knowledge of DNS/DHCPWSG (Web Security Gateways), Proxy-pac scripting Troubleshooting knowledge of network and security systems with minimal guidance is required. OSI Layer 4 and Layer 7 protocol analysis and troubleshooting experience is required. Excellent oral and written communication and documentation skills are essential. Ideal candidate must have a strong understanding of Zero Trust Architecture and Network Access Control design for enterprise network infrastructure design, and troubleshooting. Among these technologies, knowledge of Arista and Cisco design, configuration and automation is a definite plus Knowledge of scripting languages such as Python, PoweShell, or Ansible. The individual will need to be very organized, flexible, results oriented and able to multi-task to meet the demands of our dynamic environment The candidate should be a self-starter, be able to work with minimal supervision, properly and effectively report project/work status to management and peers, take full ownership and responsibility of the tasks assigned to her/him and work them through completion. The candidate should be able to demonstrate both technical capabilities and in-depth knowledge of various security and network concepts, technologies, and best practices The candidate should have the ability to convey in non-technical terms complex technical explanations related to problems, designs, etc. Knowledge of Ansible Scripting is a plus Knowledge of micro segmentation tools such as Illumio or VM Ware NSX is a plus Natixis is an equal opportunity employer, committed to a workplace free of discrimination. Natixis will not tolerate any form of discrimination based on age, color, mental or physical handicap or disability, pregnancy, marital status, sexual orientation, national origin, alienage, ancestry or citizenship status, race, religion, sex (including sex stereotyping, gender identity, gender expression or transgender status), veteran status, creed, genetic information or carrier status, or any other protected characteristic as established by law. Respect for all means that we deal with each person as an individual and not as a member of any group. All qualified applicants will receive consideration for employment. Management is expected to provide leadership in supporting the firms EEO program by taking steps to promote EEO in all facets of employment including recruitment, hiring, retention, promotion, performance assessment, and career-development opportunities. The salary range for the VP position will be between $150,000 - $180,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.

**Department:** Security**FLSA Status:** Exempt / Full-Time Salary**Union Code:** Non-Union**Minimum Pay Rate:** $82,400**Maximum Pay Rate:**$92,200**Join Our Team at Barclays Center!**Congratulations on taking the first step toward embarking on an exciting new adventure at Barclays Center! Our focus is YOU!At Barclays Center, we're more than just a venue - we're a dynamic community driven by a shared passion for creating unforgettable live experiences. We're dedicated to nurturing our team members and empowering them to thrive in an environment where innovation, collaboration, and a love for sports entertainment intersect.If you're someone who lives and breathes events, fueled by an unwavering passion for creating magic in every moment, then we want you to join us in shaping the future of live entertainment. Come be a part of our vibrant community, where every day offers the chance to inspire, innovate, and make memories that last a lifetime!**Our Company Values**We understand that it is important for you to know what our values are to determine if they align with yours. Our four company values, Care, Integrity, Accountability and Growth Mindset, are reflected in everything that we do here at Barclays Center. From the interview process to employee recognition, we make certain to incorporate the four values.**Key Attributes for Success**To excel in this role, candidates must possess a genuine passion for service, strong teamwork abilities, adaptability, effective communication skills, a guest-centric approach, problem-solving capabilities, and keen attention to detail. These attributes are essential for creating unforgettable experiences and maintaining a positive atmosphere for our guests. Joining our team promises not only a fulfilling experience but also an opportunity to make a meaningful difference in the lives of our guests and contribute to the success of Barclays Center.**Strong Teamwork Abilities:*** Enjoys collaborating effectively with colleagues and partners.* Likes building and nurturing strong relationships within the team.* Values the importance of teamwork in achieving shared goals.**Adaptability:*** Enjoys handling unexpected challenges with flexibility and composure.* Wants to quickly adjust to changes in the environment to ensure guest satisfaction.* Thrives in dynamic and fast-paced work environments.**Proactive Problem-Solving:*** Desires to identify and resolve issues creatively and efficiently.* Enjoys handling guest concerns with empathy and professionalism, turning challenges into opportunities.* Likes taking initiative to address potential problems before they escalate.**Meticulous Attention to Detail:*** Wants to pay close attention to details that contribute to organizational satisfaction.* Enjoys ensuring every aspect of service delivery is meticulously executed to maintain high standards.* Desires to take pride in delivering flawless capabilities through meticulous attention to detail.**ESSENTIAL DUTIES & RESPONSIBILITIES: What You Will Do*** Assist with the installation, configuration, and maintenance of security systems, including surveillance cameras, access control systems, alarm systems, and other related technologies and applications.* Supervise employees and operations in all areas of Security, including the Dean and Event Level Command Centers.* Maintain high standards for security equipment, including inventory management, cleaning, and distribution for security personnel.* Collaborate closely with outside contractors to ensure the optimal operation of our security equipment and systems.* Ensure that staffing levels for operating security systems during events are appropriate. Properly brief, deploy, and redeploy staffing resources as necessary to maintain effective security operations.* Implement and monitor the daily event and non-event badging system to ensure proper access control and security compliance.* Conduct comprehensive training and information-sharing sessions with employees on the operations of building security systems. Develop and execute training programs to enhance employee awareness and proficiency.* Conduct regular assessments and audits of security systems to identify vulnerabilities. Implement necessary improvements to maintain the integrity and effectiveness of the security infrastructure.* Manage the operation, and execution of events at Barclays Center, ensuring all security protocols are followed and the safety of attendees is maintained.* Respond promptly to requests from upper management, risk management, and other departments for investigations, ensuring timely and accurate delivery of required information and footage.* Provide comprehensive administrative support, complete projects and tasks, and update security forms, databases, and office records to ensure smooth security operations.* Develop, manage, and update all departmental policy and procedural guidelines, ensuring compliance with industry standards and regulatory requirements.* Collaborate closely with the IT department to ensure seamless integration and alignment of security systems with IT infrastructure and protocols, facilitating efficient communication and troubleshooting.* Demonstrate understanding of managing both internal and external customer requirements and measurement criteria.* Establish positive and collaborative relationships with customers, including local, state, & federal fire, police authorities, and international authorities.* Develop, create, and implement an accepted and sustainable security culture.* Ensure processing, adjudication, and disposition of corporate personnel security actions comply with US Government and International statutory, regulatory, customer contractual, and business requirements* Assist with confidential investigations, ensuring timely and accurate delivery of required information and or footage.* Provide comprehensive administrative support, complete projects and tasks, and update security forms, databases, and office records to ensure smooth security operations.* Help develop, manage, and update all departmental policy and procedural guidelines, ensuring compliance with industry standards and regulatory requirements.**CANDIDATE PROFILE: Who You Are*** The Manager of Security Systems is a results-driven security professional with extensive experience overseeing security operations, risk management, and venue safety for high-profile events.* Adept at managing comprehensive security systems, including CCTV, access control, and screening equipment, ensuring operational readiness and compliance with industry standards.* Proven track record in project management, successfully leading security infrastructure upgrades, vendor coordination, and budget oversight.* Skilled in developing and executing security protocols for large-scale events while fostering strong relationships with internal stakeholders and law enforcement agencies.* Committed to delivering exceptional service, enhancing security technology, and driving continuous improvements in operational efficiency.**KEY COMPETENCIES: Skills You Possess*** Minimum of 2 years customer/guest service experience, preferably in a sports and/or entertainment facility.* Proficiency in Microsoft Office Programs (Word, Excel, Outlook, PowerPoint) is required.* Proficient in the operation of CCTV systems* Proficient in general IT operations. Certifications strongly preferred.* Ability to be proactive, recognize problems and find solutions.* Excellent interpersonal, verbal and written communication skills.* Ability to work in a fast-paced environment and simultaneously manage a high level of detail across multiple projects.* Ability to demonstrate flexibility and quickly adapt to changes while maintaining high levels of productivity and effectiveness under pressure.* Ability to work well within a team environment, assisting and supporting team members whenever #J-18808-Ljbffr

Job DescriptionCrypto.com is on a mission to accelerate the world's transition to cryptocurrency. As we continue to scale our Exchange and Crypto.com App (spot trading) we're hiring a Growth Marketing Hacker to lead on our go-to-market strategy, lifecycle initiatives, and product positioning that fuel global user growth and engagement as we expand. This role sits at the intersection of product, data, and creative execution: ideal for a strategic marketer who thrives in fast-paced, high-ownership environments. You'll work in close collaboration with product managers and growth to align feature rollouts, growth campaigns, and user insights into compelling narratives that resonate across geographies and user segments. 1. Strategy & Positioning- Partner up with product and strategy teams to own the roadmap for the Exchange vertical.- Develop value propositions that differentiate our platform in a competitive global market.- Partner with data, analytics and product to define user personas (e.g. retail traders, crypto newcomers, high-frequency traders) and map tailored journeys for each.- Lead on creative/copy positioning and brief submission for growth teams to deliver impactful and localized campaigns.- Work closely with product managers to align on roadmap priorities and customer feedback loops. 2. Launch Execution- Partner up with the product team to manage the go-to-market planning for feature launches.- Conceptualize integrated marketing campaigns across in-app, email, web, social, and earned media for UA to execute.- Partner with marketing, growth and product teams to ensure campaigns are timely, scalable, and data-informed.- Coordinate with local market teams and growth to adapt messaging for region-specific rollouts: localization across product messaging, local behavior and competitive landscape. 3. Customer Insights & Market Intelligence- Analyze market trends and conduct competitive benchmarking to identify opportunities and threats.-Run user interviews, feedback loops, and surveys to understand pain points and improve UX/messaging.- Feed findings back into product and growth teams to inform prioritization and positioning. 4. Growth & Retention- Design lifecycle programs that drive user activation, trading volume, and long-term retention.- Conceptualize promotions, streaks, and incentive programs that reward engagement and boost retention.- Work with data, analytics and product teams to identify drop-off points and optimize onboarding and reactivation flows. 5. Performance & Reporting- Work with Growth and Product to define KPIs across funnel metrics, retention, and campaign impact.- Report using tools like GA4, Tableau, Mix panel: work closely with analytics and product to iterate quickly. Requirements 3 to 5 years of experience in product marketing: ideally crypto background Proven success launching and scaling B2C products or platforms and growing adoption and revenue sustainably Excellent communication and copywriting skills: you can simplify complex ideas and tell stories that convert Highly collaborative, with experience working cross-functionally in fast-paced environments. Bias to action Analytical mindset with proficiency in marketing analytics and user research Experience in regulated industries or financial services is a plus Bonus: Crypto native or familiarity with community-led growth ***************** Empowered to think big. Try new opportunities while working with a talented, ambitious and supportive team.Transformational and proactive working environment. Empower employees to find thoughtful and innovative solutions.Growth from within. We help to develop new skill-sets that would impact the shaping of your personal and professional growth.Work Culture. Our colleagues are some of the best in the industry; we are all here to help and support one another.One cohesive team. Engage stakeholders to achieve our ultimate goal - Cryptocurrency in every wallet. Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up Aspire career alternatives through us - our internal mobility program offers employees a new scope. Are you ready to kickstart your future with us? BenefitsCompetitive salary Attractive annual leave entitlement including: birthday, work anniversary 401(k) plan with employer match Eligible for company-sponsored group health, dental, vision, and life/disability insurance Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up Aspire career alternatives through us. Our internal mobility program can offer employees a diverse scope. Our Crypto.com benefits packages vary depending on region requirements, you can learn more from our talent acquisition team. About Crypto.com:Founded in 2016, Crypto.com serves more than 150 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem. Learn more at ******************* Crypto.com is an equal opportunities employer and we are committed to creating an environment where opportunities are presented to everyone in a fair and transparent way. Crypto.com values diversity and inclusion, seeking candidates with a variety of backgrounds, perspectives, and skills that complement and strengthen our team. Personal data provided by applicants will be used for recruitment purposes only. Please note that only shortlisted candidates will be contacted. We may use artificial intelligence tools to analyze the content of your Resume/CV against the specific requirements for the position. The purpose is to support our recruitment team in reviewing applications more effectively. These tools assist our recruitment team in their evaluation of your application by providing recommendations, but they do not replace human judgment. Final hiring decisions are ultimately made by humans who consider the insights generated by the tools along with other relevant information. If you would like more details about how your personal information is processed, please contact us.

Primary Responsibilities: The Analyst will provide value add analysis and research as part of the Strategic, Defense, and Shareholder Advisory team within the Advisory business. In this role, the Analyst will create client presentations regarding hostile activity, proxy fights, shareholder activism, and corporate governance. The Analyst will work on live activism and raid defense situations, as well as create materials for use in client presentations, internal meetings, and marketing initiatives. The Analyst will work in a team environment within Evercore's Strategic, Defense, and Shareholder Advisory practice. Responsibilities include, but are not limited to the following: Create materials related to shareholder activism, hostile activity, shareholder engagement and corporate governance for use in client presentations, internal meetings and marketing initiatives Support live engagements, including proxy fights and raid defense situations, contested M&A and special committee assignments Perform research and analysis to identify company's potential vulnerabilities to activist shareholders or potential acquirors Monitor relevant trends and regulatory developments Collaborate closely with senior bankers and other internal teams on strategic mandates Specific Qualifications: Graduate of Class of 2024 through Class of 2025 Relentless work ethic and high energy level An excellent, team-based atttiude Excellent communication skills (written and verbal) Proficient in Microsoft Office, specifically Excel Exceptional attention to detail Calm under pressure with a demonstrated track record of successfully managing multiple projects simultaneously Intellectual curiosity and an interest in finance Expected Base Salary Range: $120,000-$140,000. In addition to a competitive base salary, employees may be eligible to receive a discretionary bonus delivered in the form of cash and/or deferred equity. Evercore also offers a variety of benefits and programs, subject to eligibility. These include, but are not limited to: Medical, prescription, dental, and vision insurance, including healthcare savings and reimbursements accounts 401(k) Retirement Plan Life and disability insurance, including additional voluntary financial protection insurance Well-being resources and programs, including mental health and mindfulness programs, digital wellness platforms, well-being events, and targeted on-site health services Family-building and family-support benefits Paid parental, caregiver, marriage and bereavement leave Commuter benefits, health club membership discounts, and other corporate discounts Paid holidays, vacation days, personal days, sick days, and volunteer opportunities

“I can be myself at work.” You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. “I can influence my income.” You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. “I can lead a full life.” You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones I can succeed as a Security Engineer III ~Data Loss Prevention at Capital Group. As a Security Engineer III in Data Loss Prevention, you'll take the lead in deploying, managing, and fine-tuning data loss prevention (DLP) and data protection tools across our enterprise systems. Your mission is to keep sensitive information safe by implementing strong technical controls, optimizing DLP policies to cut down false positives, and ensuring compliance with regulations like GDPR and HIPAA. You'll dive into threat modeling, fix vulnerabilities, and automate security configurations using scripting and infrastructure-as-code tools. A solid background in cloud, network, and application security is key, along with hands-on experience with DLP platforms such as Symantec, Microsoft Purview, or Zscaler. This role gives you autonomy while working closely with IT, DevOps, and compliance teams to embed security into everyday workflows. You'll also mentor junior engineers, support incident response, and translate technical risks into clear, actionable guidance for stakeholders. I am the person Capital Group is looking for. You are responsible for deploying, configuring, and maintaining enterprise Data Loss Prevention (DLP) platforms to safeguard sensitive information across cloud, web, endpoint, and email channels. You create and tune DLP policies to detect and prevent unauthorized data exfiltration. You automate security controls using scripting and infrastructure-as-code, ensuring alignment with regulatory and internal standards. You ensure the health and operational stability of the DLP platform by monitoring performance, troubleshooting issues, and executing standard operational procedures to maintain reliability and effectiveness. You support incident response efforts and collaborate closely with incident response and threat detection teams to continuously improve DLP operations. You tune policies based on real-world detection patterns, enrich alert workflows with contextual data, and refine playbooks to reduce false positives. Required Skills: Minimum 3-5 years in data protection or in Information Security A Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience). You have demonstrated proficiency with DLP tools and technologies such as Symantec, Microsoft, Zscaler, or Palo Alto DLP platforms. You possess in-depth knowledge of data protection methods, including encryption (for data at rest and in transit), data masking, and tokenization techniques. You have a strong understanding of data privacy regulations and compliance standards (e.g., GDPR, HIPAA, CCPA). You are experienced with data classification frameworks and applying controls based on data sensitivity. “I can apply in less than 4 minutes.” You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. “I can learn more about Capital Group.” At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $125,909-$201,454San Antonio Base Salary Range: $103,508-$165,613New York Base Salary Range: $133,471-$213,554 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

Denver, Colorado;Seattle, Washington; Jacksonville, Florida; Addison, Texas; Jersey City, New Jersey; Boston, Massachusetts; Charlotte, North Carolina; Chicago, Illinois **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (*********************************************************************************************** **:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! **Job Description:** Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: + Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. + Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. + Developing Proof-of-concepts for exploitation. + Perform assessments of the security, effectiveness, and practicality of multiple technology systems. + Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. + Prepare and present detailed technical information for various media including documents, reports, and notifications. + Provide clear and practical advice regarding managing risks. + Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. + Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: + Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment + Detailed technical knowledge in at least 5 of the following areas: + security engineering + application architecture + authentication and security protocols + application session management + applied cryptography + common communication protocols + mobile frameworks + single sign-on technologies + exploit automation platforms + Web APIs + Cloud environments + LLM security + Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings + Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools + Experience performing manual code reviews for security relevant issues + Experience working with DAST and SAST tools to identify vulnerabilities + Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) + Experience with vulnerability assessment tools and penetration testing techniques. + Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction + Threat Analysis, threat modelling and SBOM analysis + Innovative thinking, threat actor simulation + Technology Systems Assessment + Technical Documentation + Advisory Desired: + CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] + Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your **"Know your Rights (************************************************************************************** "** poster. **View the LA County Fair Chance Ordinance (************************************************************************************************** .** Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

Denver, Colorado;Seattle, Washington; Jersey City, New Jersey; Boston, Massachusetts; Washington, District of Columbia; Charlotte, North Carolina; Jacksonville, Florida; Chicago, Illinois **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (****************************************************************************************** **:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! **Job Description:** Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: + Perform assigned analysis of internal and external threats on information systems and predict future threat behavior + Incorporate threat actors' tactics, techniques, and procedures into offensive security testing + Perform assessments of the security, effectiveness, and practicality of multiple technology systems + Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. + Prepare and present detailed technical information for various media including documents, reports, and notifications + Provide clear and practical advice regarding managed risks + Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: + Minimum of 4 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment + Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services + SQL injection/XSS attack without the use of tools + Experience performing manual code reviews for security relevant issues + Experience working with SAST tools to identify vulnerabilities + Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings + Experience performing manual web application assessments i.e., must be able to simulate a + Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) + Experience with vulnerability assessment tools and penetration testing techniques + Solid programming/debugging skills + Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map + Threat Analysis + Innovative Thinking + Technology Systems Assessment + Technical Documentation + Advisory Desired: + CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar + Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your **"Know your Rights (************************************************************************************** "** poster. **View the LA County Fair Chance Ordinance (************************************************************************************************** .** Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. * Developing Proof-of-concepts for exploitation. * Perform assessments of the security, effectiveness, and practicality of multiple technology systems. * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications. * Provide clear and practical advice regarding managing risks. * Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. * Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: * Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 5 of the following areas: * security engineering * application architecture * authentication and security protocols * application session management * applied cryptography * common communication protocols * mobile frameworks * single sign-on technologies * exploit automation platforms * Web APIs * Cloud environments * LLM security * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with DAST and SAST tools to identify vulnerabilities * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques. * Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction * Threat Analysis, threat modelling and SBOM analysis * Innovative thinking, threat actor simulation * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] * Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing * Perform assessments of the security, effectiveness, and practicality of multiple technology systems * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications * Provide clear and practical advice regarding managed risks * Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: * Minimum of 4 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services * SQL injection/XSS attack without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with SAST tools to identify vulnerabilities * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques * Solid programming/debugging skills * Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map * Threat Analysis * Innovative Thinking * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar * Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

Denver, Colorado;Seattle, Washington; Jacksonville, Florida; Addison, Texas; Jersey City, New Jersey; Boston, Massachusetts; Charlotte, North Carolina; Chicago, Illinois **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (*********************************************************************************************** **:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! **Job Description:** Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: + Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. + Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. + Developing Proof-of-concepts for exploitation. + Perform assessments of the security, effectiveness, and practicality of multiple technology systems. + Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. + Prepare and present detailed technical information for various media including documents, reports, and notifications. + Provide clear and practical advice regarding managing risks. + Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. + Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: + Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment + Detailed technical knowledge in at least 5 of the following areas: + security engineering + application architecture + authentication and security protocols + application session management + applied cryptography + common communication protocols + mobile frameworks + single sign-on technologies + exploit automation platforms + Web APIs + Cloud environments + LLM security + Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings + Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools + Experience performing manual code reviews for security relevant issues + Experience working with DAST and SAST tools to identify vulnerabilities + Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) + Experience with vulnerability assessment tools and penetration testing techniques. + Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction + Threat Analysis, threat modelling and SBOM analysis + Innovative thinking, threat actor simulation + Technology Systems Assessment + Technical Documentation + Advisory Desired: + CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] + Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your **"Know your Rights (************************************************************************************** "** poster. **View the LA County Fair Chance Ordinance (************************************************************************************************** .** Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. * Developing Proof-of-concepts for exploitation. * Perform assessments of the security, effectiveness, and practicality of multiple technology systems. * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications. * Provide clear and practical advice regarding managing risks. * Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. * Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: * Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 5 of the following areas: * security engineering * application architecture * authentication and security protocols * application session management * applied cryptography * common communication protocols * mobile frameworks * single sign-on technologies * exploit automation platforms * Web APIs * Cloud environments * LLM security * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with DAST and SAST tools to identify vulnerabilities * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques. * Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction * Threat Analysis, threat modelling and SBOM analysis * Innovative thinking, threat actor simulation * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] * Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. * Developing Proof-of-concepts for exploitation. * Perform assessments of the security, effectiveness, and practicality of multiple technology systems. * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications. * Provide clear and practical advice regarding managing risks. * Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. * Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: * Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 5 of the following areas: * security engineering * application architecture * authentication and security protocols * application session management * applied cryptography * common communication protocols * mobile frameworks * single sign-on technologies * exploit automation platforms * Web APIs * Cloud environments * LLM security * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with DAST and SAST tools to identify vulnerabilities * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques. * Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction * Threat Analysis, threat modelling and SBOM analysis * Innovative thinking, threat actor simulation * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] * Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! Job Description: Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: * Perform assigned analysis of internal and external threats on information systems and predict future threat behavior * Incorporate threat actors' tactics, techniques, and procedures into offensive security testing * Perform assessments of the security, effectiveness, and practicality of multiple technology systems * Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. * Prepare and present detailed technical information for various media including documents, reports, and notifications * Provide clear and practical advice regarding managed risks * Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: * Minimum of 4 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment * Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services * SQL injection/XSS attack without the use of tools * Experience performing manual code reviews for security relevant issues * Experience working with SAST tools to identify vulnerabilities * Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings * Experience performing manual web application assessments i.e., must be able to simulate a * Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) * Experience with vulnerability assessment tools and penetration testing techniques * Solid programming/debugging skills * Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map * Threat Analysis * Innovative Thinking * Technology Systems Assessment * Technical Documentation * Advisory Desired: * CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar * Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. Shift: 1st shift (United States of America) Hours Per Week: 40

Denver, Colorado;Seattle, Washington; Jersey City, New Jersey; Boston, Massachusetts; Washington, District of Columbia; Charlotte, North Carolina; Jacksonville, Florida; Chicago, Illinois **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (****************************************************************************************** **:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! **Job Description:** Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity. This intermediate technical role is responsible for performing application security assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include performing research, understanding the bank's security policies, working with the appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. Key Responsibilities in order of importance: + Perform assigned analysis of internal and external threats on information systems and predict future threat behavior + Incorporate threat actors' tactics, techniques, and procedures into offensive security testing + Perform assessments of the security, effectiveness, and practicality of multiple technology systems + Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. + Prepare and present detailed technical information for various media including documents, reports, and notifications + Provide clear and practical advice regarding managed risks + Learn and develop advanced technical and leadership skills, Mentor Junior assessors in technical tradecraft and soft skills Required Skills: + Minimum of 4 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment + Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services + SQL injection/XSS attack without the use of tools + Experience performing manual code reviews for security relevant issues + Experience working with SAST tools to identify vulnerabilities + Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings + Experience performing manual web application assessments i.e., must be able to simulate a + Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) + Experience with vulnerability assessment tools and penetration testing techniques + Solid programming/debugging skills + Experience of using a variety of tools, included, but not limited to, IBM AppScan, Burp and SQL Map + Threat Analysis + Innovative Thinking + Technology Systems Assessment + Technical Documentation + Advisory Desired: + CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar + Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your **"Know your Rights (************************************************************************************** "** poster. **View the LA County Fair Chance Ordinance (************************************************************************************************** .** Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

Denver, Colorado;Seattle, Washington; Jacksonville, Florida; Addison, Texas; Jersey City, New Jersey; Boston, Massachusetts; Charlotte, North Carolina; Chicago, Illinois **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (*********************************************************************************************** **:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! **Job Description:** Manual Ethical Hacking is part of the Application Development Security Framework Program within Bank of America's Cyber Security Assurance Offensive Security group. The program provides services to assess the security resilience of the bank's applications to malicious hacking activity. This senior technical role is responsible performing and leading ethical hacking assessments of the bank's technologies, applications, and cyber security controls while adapting testing methods to evolving and emerging threats. Key responsibilities include leading and performing research, understanding the bank's security policies, working with appropriate partners to complete assessments and simulations, identifying misconfigurations and vulnerabilities, and reporting on associated risk. These individuals partner closely with security partners, CIO clients and multiples lines of business. These individuals are expected to perform application security-oriented dynamic and static assessments across a multitude of technologies including web UI, web APIs, mobile and cloud, including associated source code. Key Responsibilities in order of importance: + Perform assigned analysis of internal and external threats on information systems and predict future threat behavior. + Incorporate threat actors' tactics, techniques, and procedures into offensive security testing to identify high-value vulnerabilities/chained attacks. + Developing Proof-of-concepts for exploitation. + Perform assessments of the security, effectiveness, and practicality of multiple technology systems. + Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security. + Prepare and present detailed technical information for various media including documents, reports, and notifications. + Provide clear and practical advice regarding managing risks. + Learn and develop advanced technical and leadership skills, mentor Junior and Intermediate assessors in technical tradecraft and soft skills. + Respond to security incidents and provide technical assistance to leadership across the Information Security organization. Required Skills: + Minimum of 5+ years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment + Detailed technical knowledge in at least 5 of the following areas: + security engineering + application architecture + authentication and security protocols + application session management + applied cryptography + common communication protocols + mobile frameworks + single sign-on technologies + exploit automation platforms + Web APIs + Cloud environments + LLM security + Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage, and support incidents, and produce high value findings + Experience performing manual web application assessments i.e., must be able to simulate a OWASP Top 10 vulnerabilities without the use of tools + Experience performing manual code reviews for security relevant issues + Experience working with DAST and SAST tools to identify vulnerabilities + Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies) + Experience with vulnerability assessment tools and penetration testing techniques. + Solid programming/debugging skills, development frameworks, CVE and CWE research/reproduction + Threat Analysis, threat modelling and SBOM analysis + Innovative thinking, threat actor simulation + Technology Systems Assessment + Technical Documentation + Advisory Desired: + CEH, OSCP/OSCE/OSWE/GXPN/GPEN/GWAPT/GMOB/All Practitioner Certs [Port Swigger BSP Academy]/Cloud Cert(s)/ eWPT; eWPTX; eMAPT [INE Pentester Academy] + Strong programming/scripting skills This job will be open and accepting applications for a minimum of seven days from the date it was posted. **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your **"Know your Rights (************************************************************************************** "** poster. **View the LA County Fair Chance Ordinance (************************************************************************************************** .** Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.