Vice President, Manual Ethical Hacking Analyst
- Permanent, Full time
- Bank Of America / Merrill Lynch
- 26 Jun 17
Vice President, Manual Ethical Hacking Analyst
About Bank of America Merrill Lynch:
Our purpose as a firm is to make financial lives better, through the power of every connection. Across the world, we partner with leading corporate and institutional investors through our offices in more than 40 countries. In the U.S alone, we serve almost all Fortune 500 companies and approximately 59 million consumers and small-business customers. We provide a full suite of financial products and services, from banking and investments to asset and risk management. We cover a broad range of asset classes, making us a global leader in corporate and investment banking, sales and trading.
Connecting Asia Pacific to the World
Our Asia Pacific team is spread across 23 offices in 12 markets. We are focused on connecting Asia to the world and the world to Asia, using our global expertise to ensure success is shared between us, our clients and our communities. Our regional footprint covers 12 currencies, more than a dozen languages and five time zones, placing us firmly among the region's leading financial services companies.
Bank of America Merrill Lynch is committed to attracting, recruiting and retaining top diverse talent from across the globe. Our diversity and inclusion mission is to actively promote an inclusive work environment where all employees have the opportunity to achieve personal success and contribute to the growth of our business. Each of our global Employee Networks bring together employees, create dialogue and awareness in support of our Diversity and Inclusion.
Candidate will have the desire to join a dynamic team of world class security experts to conduct application security assessments/penetration tests of our internal/external web, mobile, & web service applications leveraging both manual techniques as well as automated tools, in order to uncover and report security vulnerabilities that exist. Candidate must be knowledgeable with business risks associated to common security vulnerabilities and be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities. Ability to work independently in a very large-scale, enterprise setting. Previous experience as an application security professional within a large Financial Institution a plus.
- BS/MS in Computer Science (or relevant work experience in large scale IT environment)
- At least 3 years of experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, and Business Logic Bypass, OWASP Top 10, SANS top 25, etc.)
- Ability to demonstrate manual web application testing experience; i.e. candidate must be able to simulate a SQL inject/Cross-site script attack without the use of tools.
- Expert level experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Accunetix, NTO Spider, Burpsuite Pro, etc.)
- Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, HTTP/HTTPS, REST, Cookies)
- Experience with vulnerability assessment tools and penetration testing techniques. (e.g., web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions (i.e. BackTrack/Kali), static source code analyzers, SoapUI, etc.)
- Experience penetration testing on mobile platforms such as iOS, Android, Windows & RIM
- Expert-level experience and very detailed technical knowledge in at least three of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services.
- Demonstrated ability to learn and apply critical thinking to a variety of situations.
One or more of following certifications: CISSP, GWAPT, C|EH, OSCP or qualified work experience
Experience as a developer a plus
Mobile programming abilities, such as Xcode, Objective-C a plus
Knowledge of Structured Query Language a plus.
Effective written and oral communication skills
Ability to multi-task and handle multiple projects
Ability to work in a fast paced, challenging environment.
Bank of America Merrill Lynch is an equal opportunities employer.
Posting Date: 08/06/2017
Full / Part-time: Full time
Hours Per Week: 40