BNY Mellon Careers
Specialist Information Security Analyst - Penetration Tester
Specialist Information Security Analyst->> Maintains the effectiveness of enterprise-wide information security strategy including related programs, processes and initiatives. May allocate/coordinate work within a team/project.
Assists in the development, implementation and enforcement of corporate-wide security policies, procedures and standards. Assists in consulting with the business and operational infrastructure personnel regarding new and existing technologies and appropriate security architectures, practices and procedures.
Reviews and analyzes more complex data and information to provide insights, conclusions and actionable recommendations produces advanced reports, analyses, findings, etc.
Works closely with IT infrastructure and software engineering applications development to ensure integrity of security procedures, systems, and policies. Works with developers to ensure proper completion of all risk assessments within policy and procedures. Contributes to the achievement of related teams' objectives. .
Penetration Testers (Ethical Hackers)
Working out of Information Security Team, the candidate(s) will:
Assess the effectiveness of application team fixes to security vulnerabilities through remediation validation testing.
Perform internal web application security assessments by means of ethically hacking websites.
Assist in the development of in-house testing tools and processes.
Provide support for testing infrastructure.
1-2 years of IT security experience such as penetration testing, vulnerability scanning, security audits, configuring and managing security systems, or related expertise desired.
Working knowledge with commercial and open source tools such as Qualys, Nmap, Burp Suite, Kali Linux, and Nessus.
Experience writing scripts in PowerShell, Ruby, Python, BASH, etc.
Working knowledge of network devices such as firewalls, routers, and switches.
Demonstrated report writing capabilities and strong communication skills.
Ability to take ownership when working independently and still cooperate and coordinate on team-scale projects
Knowledge of web application vulnerabilities such as XSS, SQLi, LFI/RFI, etc.
Education and preferred certifications
The following certifications are not mandatory but considered an asset: GIAC (GPEN, GSEC, GXPN), CEH, RHCT, RHCE, OSCP, CISSP
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, 6-8 years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus
For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments & safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.
Client Technology Solutions provides our business partners with client-focused, technology-based solutions. These enhance their ability to be successful through world-class software solutions and leading-edge infrastructure. Client Technology Solutions provides employees with the tools and resources to enhance their professional qualifications and careers.
BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer.
Minorities/Females/Individuals With Disabilities/Protected Veterans.
Primary Location: United States-Virginia-Ashburn
Internal Jobcode: 45126
Job: Information Technology
Organization: Information Security-HR11724
Requisition Number: 1902942