Back to search results

Manual Ethical Hacker

Charlotte, North Carolina;

Job Description:

Position Summary

The Consumer, Small Business & Wealth Management Technology organization provides technology support and solutions to our clients across the Consumer, Small Business, Merrill Lynch and U.S. Trust business segments.  The Chief Operating Office Risk team is looking for top talent no to help bring them into the future.  The team is enabling a self-service capability platform which will transform the way their associates will focus their responsibilities.  Identified candidates will be able to act as subject matter experts in key technology areas and recommend strategies that will help continue to reduce risk across the portfolio. 

The Technology Analyst candidate performs proactive ethical hacking assessments to identify application vulnerabilities and works closely with the application teams to remediate those findings. The candidate will create best practice documents for socialization with Application and development teams. Using state of the art tools, the candidate will perform both Automated and Manual Ethical Hacking and manage vulnerability findings resulting from their assessments. They will be able to proactively analyze vulnerability trends by identifying gaps or relevant industry trends.  Solve problems analytically by applying a mixture of risk and technology expertise to perform impact assessments and identify root causes.  They will also provide quality assurance in real-time at the task level to provide feedback and training as needed.

Required Skills

 Prior experience in application development (including Mobile) and SDLC processes is preferred
 Demonstrated and proven experience in one or more programming languages (like Java. .NET, Python etc.)
 Professional ethical hacking experience using one or more of the following tools:
        Burp Suite Pro Attack (Manual ethical hacking)
        AppScan Enterprise tool (Automated ethical hacking)
         SoapUI (Web Services)
        Fortify or Checkmarx (Self-Service Source Code scanning tools)
 Prior experience in application security standards & best practices, assessment methodologies, secure coding practices are a big plus
 Ability to conduct web application ethical hacking in accordance with a defined process using attack proxies and scripting tools
 Solid understanding of network protocols
 Experience communicating application security issues to wide range of audiences (including both technical and non-technical)
 Demonstrated increasing levels of accountability and ownership
 Demonstrated ability to operate as a change agent and driving change across diverse stakeholders groups
 Strong collaboration and partnering skills with ability to positively influence and motivate teams
 Comfortable with ambiguous situations capable of analyzing, simplifying and collaborating to solve complex problems
 Strategic thinkers, self-starter, organized, versatile, and capable of performing work with minimal management oversight
 Ability to connect dots and not work in a silo, understanding the impacts of the work that is done and how it can tie into other areas within the team and across GT&O

Desired Skills

- 5+ years of relevant work experience with some applied within financial services, risk or technology 

- 4 year college graduate 

- Ethical hacking certification.

NOTE - Relocation support may be available for this position


1st shift (United States of America)

Hours Per Week: 


Learn more about this role

Full time


Manages People: No

Travel: Yes, 5% of the time


Talent Acquisition Contact:

Referral Bonus: