Penetration Testing Consultant

🕒 June 6

🤠 Texas – Remote

🤠 Texas – Remote

💵 $88.8k - $165.6k / year

⏰ Full Time

🟡 Mid-level

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

BMO U.S.

WebsiteLinkedInAll Job Openings

5001 - 10000 employees

🏦 Banking

💸 Finance

💳 Fintech

Banking • Finance • Fintech

BMO U. S. is a diversified financial services company operating in the United States. It offers a broad range of financial products and services including personal and business banking, mortgage services, investments, financial planning, insurance, and wealth management. Additionally, it provides commercial loans, commercial mortgages, and other financial solutions tailored for small businesses and large enterprises. The company places a strong emphasis on customer service and offers digital and cross-border banking solutions to meet the needs of diverse clients. BMO U. S. is also involved in asset management and capital markets operations, making it a full-service financial institution.

📋 Description

• Provides information security consulting services for BMO overall and businesses/groups. • Liaises with stakeholders to understand problems and opportunities and enables BMO to meet its goals by understanding business vision, objectives and KPIs • Facilitates discussions and follows a disciplined approach to plan, elicit, analyse, document, communicate and manage initiatives and issues with stakeholders by applying a variety of elicitation techniques to probe, challenge and understand associated risks. • Develops and champions information security best practices, including staying abreast of industry information security and business trends through benchmarking and/or participation in professional associations. • Tracks metrics and milestones, providing recommendations for resolution and escalating as appropriate when issues arise. • Creates professional presentations and deliver them in a meaningful concise way.

🎯 Requirements

• Min of 3+ years experience with Manual Penetration Testing experience in Web or API • Strong exposure for testing Web applications in the following areas: A solid grasp of HTTP/S protocols, headers, cookies, sessions, and CORS behavior within your web testing experience • Experience testing authentication and authorization mechanisms (OAuth, JWT, session flaws, IDOR/BOLA) • Strong proficiency with Burp Suite Professional, OWASP ZAP, IBM’s APP SCAN (proxying, repeater, intruder, extensions) • Deep practical knowledge of OWASP Top 10 (Web + API) and common vulnerabilities • Ability to identify and exploit business logic vulnerabilities and multi-step attack paths • Preference for candidates who have at least one certification in a related field, with strong preference for Information security certifications from a well-recognized institution (e.g. OSCP, GMOB, GWAPT, OSWE) • Secure coding and architecture understanding • Proficiency in at least one scripting language • Proficiency in documenting reproducible steps for technical accurate findings

🏖️ Benefits

• Health insurance • Tuition reimbursement • Accident and life insurance • Retirement savings plans