Senior Adaptive Threat Replication Engineer - Web/Mobile




Multiple Locations


Position summary

Job Description:

The Cyber Security Assurance Division is looking for a Senior Ethical Hacker, specializing in application and mobile security assessments. The individual will join a team of world-class offensive security professionals diligently hunting for vulnerabilities across the bank’s global technology environment. 

This is a senior technical role that requires a deep understanding of web application technology and a solid understanding of threats and threat TTPs. 
In addition to performing application assessments, as a senior member of the team you will coordinate with senior leadership on development projects, share your knowledge and experience by mentoring junior engineers, and assist the monitoring and response functions. 

Required Skills:
•    Must be able to critically examine an organization and application through the perspective of a threat actor and articulate risk in clear, precise terms to technical and non-technical audiences.
•    Must be proficient with the common tools associated with red teaming, penetration testing, and vulnerability assessments (Metasploit, Burp Suite, Cobalt Strike, Kali, etc.).
•    Must be very proficient with web application vulnerability scanning tools (e.g., Invicti DAST Scanner, SoapUI, Burp Suite Pro, Checkmarx, etc.).
•    Experience conducting manual and automated vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to identify flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25, etc.).
•    Experience pentesting mobile platforms such as iOS and Android, mobile device simulators.
•    Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C, and SOAP/REST web APIs.

Desirable Skills: 
•    Certifications: OSCP, GPEN, GXPN, OSCE, GWAPT, GMOB
•    Previous experience working in the financial industry
•    Typically has 5-10 years of experience in technology and offensive security assessments

Are you passionate about cyber security and looking to work with some of the best information security professionals in the world and in challenging environments? Bank of America is hiring top talent to join our team. You bring your talent and passion and we’ll provide you with an opportunity to shine and grow.

Enterprise Role Overview - Leads the analysis, implementation, execution and improvement of proactive security controls to prevent external threat actors from infiltrating company information or systems. Conducts research and provides leadership updates regarding advanced attempts/efforts to compromise security protocols. Maintains or reviews security systems and assesses security policies that control access to systems. Provides status updates and recommendations to the leadership team regarding the impact of theft, destruction, alteration or denial of access to information. Follows standard practices and procedures in analyzing situations or data. Typically has 5-10 years of relevant experience and will act as an individual contributor.


1st shift (United States of America)

Hours Per Week: 


Why you should apply for a job to Merrill:

  • 4.7/5 in supportive management

  • 80% say women are treated fairly and equally to men

  • 80% would recommend this company to other women

  • 60% say the CEO supports gender diversity

  • Ratings are based on anonymous reviews by Fairygodboss members.
  • After working one year, employees can take up to 16 weeks of paid maternity, paternity, and adoption leave.

  • Life Event Services team provides resources and benefits for life events like retirement, loss of a loved one, or gender transition.

  • Employee Financial Services offers U.S. employees financial education and special access to financial products, services and expertise.