Ethical Hacking Analyst

  • Competitive
  • Camberley, England, United Kingdom
  • Permanent, Full time
  • Bank of America Merrill Lynch
  • 17 Mar 18

Job Description:
Corporate Title: Assistant Vice President (AVP)
Primary Location: Chester
Secondary Location: Camberley
Line of Business: Global Information Security (GIS)

An exciting opportunity as an Ethical Hacking Analyst is available for a talented individual to work in a dynamic, growing security environment in our Chester/Camberley office.

The Cyber Security Defence (CSD) team's aim is to protect the bank and have an end-to-end view of, and influence over, all security controls at the Bank. Ethical Hacking is part of the Application Development Security Framework Program, under the Cyber Security Assessments Team within Cyber Security Defence. The program provides services to assess the vulnerability of the bank's applications to malicious hacking activity.

You will have a solid technical background with experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc.). The successful candidate should have a passion for information security.

As an Ethical Hacking Analyst your main responsibilities will involve:

  • You will have the desire to join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist
  • You will be knowledgeable about the business risks associated with common security vulnerabilities and able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities
  • Ability to work independently in a very large scale, enterprise setting
  • Previous experience as an application security professional with a large Financial Institution a plus but not mandatory

As an Ethical Hacking Analyst your skills and qualifications should include:

Mandatory Qualifications and Skills:
  • BS/MS in Computer Science (or relevant work experience in a large scale IT environment)
  • Ability to demonstrate manual web application testing experience
  • Experience with Burp Suite Pro would be a significant advantage but experience with other web application vulnerability scanning tools (e.g. IBM AppScan, HP WebInspect, Acunetix, NTOSpider etc.) would be desirable
  • Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)

Experience and technical knowledge in at least 3 of the following areas:
  • General information security
  • Application architecture
  • Authentication and security protocols
  • Application session management
  • Applied cryptography
  • Common communication protocols
  • Mobile frameworks
  • Single sign-on technologies
  • Exploit automation platforms
  • RESTful web services

Desired Skills:
  • Knowledge of network and Web related protocols/technologies
  • Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM
  • Demonstrated ability to learn and apply critical thinking to a variety of situations

Technical Skills:
  • One or more of the following certifications: CISSO, GWAPT, CEH, OSCP or equivalent qualified work experience
  • Solid scripting skills (e.g. Python, Perl, Shell script, JavaScript)
  • Knowledge of a Structured Query Language
  • Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C

About Bank of America Merrill Lynch

Bank of America is one of the world's leading financial institutions, serving individual consumers, small- and middle-market businesses, large corporations and governments with a full range of financial and risk management products and services. Bank of America Merrill Lynch is the marketing name for the global banking and markets businesses.
The company has had a presence in EMEA since 1922. With offices in 23 countries on three continents, it offers an integrated and comprehensive set of products and services across Global Corporate and Investment Banking, Global Markets and Consumer Card, serving the needs of individual, corporate, institutional and government clients, combining the best of local knowledge and global expertise. Developing solutions for social and environmental challenges is at the core of Bank of America Merrill Lynch's responsibility platform. In more than 90 countries around the world, we partner with employees, clients and stakeholders to help make financial lives better.


If you're interested in this opportunity please send your details to us by applying online.

Good conduct and sound judgment are crucial to our long-term success. It's important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mindset are the cornerstones of our Code of Conduct and are at the heart of managing risk well.

We are an equal opportunities employer, and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnic or national origins, age, sexual orientation, socio-economic background, responsibilities for dependants, physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience.

As part of our standard hiring process to manage risk, please note background screening checks will be conducted on all hires before commencing employment.