Senior Red Team Developer - Adaptive Threat Simulation

Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being a diverse and inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Job Description:

Bank of America is actively seeking a Senior Red Team Operator with a strong focus on malware/tool development and adversary emulation to join our Cyber Threat Hunt, Intelligence and Defense organization. This role is centered around building and deploying advanced offensive security capabilities through R&D, custom tooling, and red team operations. The ideal candidate will have a deep understanding of modern endpoint detection and response (EDR) technologies, experience with low-level programming languages, and a passion for offensive security.

Required Skills

• 7+ years of IT experience with at least 5 years of experience in offensive security. 
• Experience with designing and developing custom implants, loaders, and post-exploitation tools for red team engagements.
• Comprehensive knowledge of command-and-control frameworks like Cobalt Strike, Mythic, Havoc, and Sliver.
• Experience with researching and implementing EDR evasion techniques, including userland and kernel-level bypasses, in-memory execution, and telemetry disruption.
• Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
• Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms.
• Must be able to both work independently as well as effectively work in teams with individuals with a variety of skills and backgrounds
• Able to collaborate with other teams and communicate security concepts effectively.
• Must have a strong background using low-level languages (C/C++).
• Must have experience with PE file format and low-level Windows internals.
• Must have experience with reverse engineering and Windows debugging (IDA, Ghidra and WinDBG).

Skills:

• Advisory
• Innovative Thinking
• Technical Documentation
• Technology System Assessment
• Threat Analysis
• Adaptability
• Collaboration
• Executive Presence
• Scenario Planning and Analysis
• Test Engineering

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Pay Transparency details

US - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540), US - NJ - Jersey City - 101 Hudson St - 101 Hudson (NJ2101)

Pay and benefits information

Pay range

$160,000.00 - $200,000.00 annualized salary, offers to be determined based on experience, education and skill set.

Discretionary incentive eligible

This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.

Benefits

This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.