BMO
Software Application Security Testing Consultant
BMO, Indianapolis, Indiana, United States,
Software Application Security Testing Consultant
Please note this role could be based anywhere in the USA.Summary of Responsibilities:The Security Testing Consultant reports to the Sr. Manager of Penetration Testing and assists with the security testing activities for BMO based applications and technologies. The role will be responsible for the execution and coordination of ethical hacking to identify weaknesses and areas for improvement.Essential Functions:Team Leadership:
Assists with security testing activities aimed at exploiting vulnerabilities in order to enhance the security of BMO applications and technologies. Works with management and peers to foster the development of less experienced Security Testing Consultants.Subject Matter Expertise:
Provides technical leadership to business areas as a Security Testing subject matter expert. Assists with efforts on the execution of security testing operations to include pre-engagement (scoping), engagement (testing), and post-engagement activities (reporting).Secure Testing:
Assists in delivery of security testing projects according to a structured process, including writing test reports. This may include oversight and/or execution of the configuration and deployment of security testing software and application of results to security analysis.Information Security Risk Management:
Works with leadership to mature security testing team capabilities including reporting and remediation guidance in alignment with local and global regulatory requirements. Identifies security gaps and deficiencies by conducting risk assessments; able to recommend corrective action of identified vulnerabilities and weaknesses.Secure Application Development:
Assists with the execution of highly technical/analytical security assessments of custom web applications, mid-tier application services, backend mainframe applications, and databases, including manual, custom, and industry known attack methods using a risk-based intelligence-led methodology. Identifies potential misuse scenarios. Advises on secure development practices.REQUIREMENTS:MUST have a passion for the information security industry, including keeping abreast with current software technologies, platforms, frameworks, security issues, and emerging attacks.MUST have familiarity with testing manual web applications, APIs, and web services.MUST have familiarity with BurpSuite Professional.MUST have familiarity with black-box, grey-box, and white-box security assessments.MUST have familiarity with manual application security testing, penetration testing methodologies, the OWASP Top 10, and the OWASP Testing Guide.QUALIFICATIONS:Bachelor’s degree in Information Security, Information Technology, Information Systems Management, or Computer Science.3-5 years of experience in the areas of Application Security Testing (web and mobile applications).Strong written and verbal skills with the ability to present complex technical observations to a non-technical audience.Good time management skills; the ability to commit and adhere to time-sensitive deliverables.Ability to work remotely, with or without others, take direction, and be a self-starter that takes initiative.Ability to have or achieve within one (1) year of employment, an industry recognized security certification (i.e. Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), etc.).Relevant professional certifications such as: OSCP, OSWE, GWAPT, GMOB, GPEN, GXPN, GAWN, etc.Large complex multi-national Financial Services industry related experience.Prior consulting experience is a plus.Salary:$87,000.00 - $161,400.00Pay Type:
SalariedThe above represents BMO Financial Group’s pay range and type. Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group’s expected target for the first year in this position.Application Deadline:
09/29/2024BMO Financial Group’s total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit:
BMO Total Rewards .BMO is committed to an inclusive, equitable, and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. BMO is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
#J-18808-Ljbffr
Please note this role could be based anywhere in the USA.Summary of Responsibilities:The Security Testing Consultant reports to the Sr. Manager of Penetration Testing and assists with the security testing activities for BMO based applications and technologies. The role will be responsible for the execution and coordination of ethical hacking to identify weaknesses and areas for improvement.Essential Functions:Team Leadership:
Assists with security testing activities aimed at exploiting vulnerabilities in order to enhance the security of BMO applications and technologies. Works with management and peers to foster the development of less experienced Security Testing Consultants.Subject Matter Expertise:
Provides technical leadership to business areas as a Security Testing subject matter expert. Assists with efforts on the execution of security testing operations to include pre-engagement (scoping), engagement (testing), and post-engagement activities (reporting).Secure Testing:
Assists in delivery of security testing projects according to a structured process, including writing test reports. This may include oversight and/or execution of the configuration and deployment of security testing software and application of results to security analysis.Information Security Risk Management:
Works with leadership to mature security testing team capabilities including reporting and remediation guidance in alignment with local and global regulatory requirements. Identifies security gaps and deficiencies by conducting risk assessments; able to recommend corrective action of identified vulnerabilities and weaknesses.Secure Application Development:
Assists with the execution of highly technical/analytical security assessments of custom web applications, mid-tier application services, backend mainframe applications, and databases, including manual, custom, and industry known attack methods using a risk-based intelligence-led methodology. Identifies potential misuse scenarios. Advises on secure development practices.REQUIREMENTS:MUST have a passion for the information security industry, including keeping abreast with current software technologies, platforms, frameworks, security issues, and emerging attacks.MUST have familiarity with testing manual web applications, APIs, and web services.MUST have familiarity with BurpSuite Professional.MUST have familiarity with black-box, grey-box, and white-box security assessments.MUST have familiarity with manual application security testing, penetration testing methodologies, the OWASP Top 10, and the OWASP Testing Guide.QUALIFICATIONS:Bachelor’s degree in Information Security, Information Technology, Information Systems Management, or Computer Science.3-5 years of experience in the areas of Application Security Testing (web and mobile applications).Strong written and verbal skills with the ability to present complex technical observations to a non-technical audience.Good time management skills; the ability to commit and adhere to time-sensitive deliverables.Ability to work remotely, with or without others, take direction, and be a self-starter that takes initiative.Ability to have or achieve within one (1) year of employment, an industry recognized security certification (i.e. Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), etc.).Relevant professional certifications such as: OSCP, OSWE, GWAPT, GMOB, GPEN, GXPN, GAWN, etc.Large complex multi-national Financial Services industry related experience.Prior consulting experience is a plus.Salary:$87,000.00 - $161,400.00Pay Type:
SalariedThe above represents BMO Financial Group’s pay range and type. Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group’s expected target for the first year in this position.Application Deadline:
09/29/2024BMO Financial Group’s total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit:
BMO Total Rewards .BMO is committed to an inclusive, equitable, and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. BMO is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
#J-18808-Ljbffr