Jan 11, 2019

Java / .Net Secure Code Assessor

  • Bank Of America
  • Washington, DC, USA
Full-Time Engineering

Job Description

Source Code Assessment (or Static Application Security Testing) is the process of scanning source or compiled code for security vulnerabilities and manually triaging the results to determine whether they present true risk to the Bank. Qualified candidates will conduct source code assessments on critical web and mobile applications at the Bank. They will collaborate with a larger Information Security Assessment team, which includes penetration testers and ethical hackers.

Core responsibilities include:
  • Validating machine findings from static analyzers
  • Reporting validated findings to dev teams
  • Advising dev teams on secure coding practices for addressing findings
  • Collaborating with security engineers to tune static analyzers

Required Skills
  • Four-year degree in computer science or a related field and/or five years' experience in software development in an enterprise-grade IT environment
  • Extensive enterprise development experience in Java and/or .NET languages
  • Provable understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps
  • Excellent written and oral communication skills

Preferred Skills
  • Experience with Android / iOS mobile platforms
  • Experience performing code reviews / reviewing results of static analysis tools
  • Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and remediation recommendations
  • Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc., and how to identify, trace and remediate them
  • Understanding of OWASP Top 10

Core languages under analysis include Java and .NET (web) and Android and iOS (mobile).

Security Clearance

NO Security Clearance
