FreshRemote.Work

Software Application Security Testing Consultant

VIRTUAL(R)43 - HomeRes - TX

Application Deadline:

09/29/2024

Address:

VIRTUAL(R)43 - HomeRes - TX

Job Family Group:

Technology

Please note this role could be based anywhere in USA

Summary of Responsibilities:

The Security Testing Consultant reports to the Sr. Manager of Penetration Testing and assists with the security testing activities for BMO-based applications and technologies. The role will be responsible for the execution and coordination of ethical hacking to identify weaknesses and areas for improvement. Leads scoping calls.

Essential Functions

  • Team Leadership – Assists with security testing activities aimed at exploiting vulnerabilities in order to enhance the security of BMO applications and technologies. Works with management and peers to foster the development of less experienced Security Testing Consultants.
  • Subject Matter Expertise - Provides technical leadership to business areas as a Security Testing subject matter expert. Assists with efforts on the execution of security testing operations to include pre-engagement (scoping), engagement (testing) and post-engagement activities (reporting).
  • Secure Testing - Assists in delivery of security testing projects according to a structured process, to include writing test reports. This may include oversight and/or execution of the configuration and deployment of security testing software and application of results to security analysis.
  • Information Security Risk Management - Works with leadership to mature security testing team capabilities including reporting and remediation guidance in alignment with local and global regulatory requirements. Identifies security gaps and deficiencies by conducting risk assessments; able to recommend corrective action of identified vulnerabilities and weaknesses. Assists with the execution of planning, testing, tracking, and advises on necessary risk acceptance for identified security risks. 
  • Secure Application Development - Assists with the execution of highly technical/analytical security assessments of custom web applications, mid-tier application services, backend mainframe applications and databases, including manual, custom and industry known attack methods using a risk-based intelligence-led methodology. Identifies potential misuse scenarios. Advises on secure development practices.

REQUIREMENTS:

  • MUST have a passion for the information security industry, including keeping abreast with current software technologies, platforms, frameworks, security issues and emerging attacks.
  • MUST have familiarity with manual testing of web applications, APIs, and web services.
  • MUST have familiarity with BurpSuite Professional.
  • MUST have familiarity with black-box, grey-box, and white-box security assessments.
  • MUST have familiarity with manual application security testing, penetration testing methodologies, the OWASP Top 10, and the OWASP Testing Guide.

QUALIFICATIONS:

  • Bachelor’s degree in Information Security, Information Technology, Information Systems Management, or Computer Science.
  • 3-5 years of experience in the areas of Application Security Testing (web and mobile applications).
  • Strong written and verbal skills with the ability to present complex technical observations to a non-technical audience.
  • Good time management skills; the ability to commit and adhere to time-sensitive deliverables.
  • Ability to work remotely, with or without others, take direction, and be a self-starter that takes initiative.
  • Ability to have, or achieve within one (1) year of employment, an industry-recognized security certification (e.g., Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), etc.).
  • Proficiencies with scripting languages such as Python, JavaScript, PowerShell, Bash, Ruby, Go, etc.
  • Relevant professional certifications such as: OSCP, OSWE, GWAPT, GMOB, GPEN, GXPN, GAWN, etc.
  • Large complex multi-national Financial Services industry related experience.
  • Prior consulting experience is a plus.

Salary:

$87,000.00 - $161,400.00

Pay Type:

Salaried

The above represents BMO Financial Group’s pay range and type.

Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group’s expected target for the first year in this position.

BMO Financial Group’s total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards

We’re here to help

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact.  We strive to help you make an impact from day one – for yourself and our customers.  We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.

To find out more visit us at http://jobs.bmo.com/us/en

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. BMO is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.

Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.

Job Profile

Benefits/Perks

Accident and life insurance, Coaching, Discretionary bonuses, Health insurance, In-depth training, Life Insurance, Manager support, Network-building opportunities, Other perks and rewards, Performance-based incentives, Professional development opportunities, Remote work flexibility, Retirement savings, Retirement savings plans, Training, Tuition reimbursement

Tasks
  • Advise on secure development practices
  • Assist in security testing projects
  • Conduct risk assessments
  • Coordinate ethical hacking
  • Execute security testing
  • Lead scoping calls
  • Provide technical leadership
  • Reporting
  • Risk Management
  • Subject Matter Expertise
  • Team Leadership
Skills

Analytical, Application Development, Application Security, Bash, Black box testing, Burpsuite, Coaching, Consulting, Databases, Ethical Hacking, Financial Services, Go, Grey Box Testing, Information security, Information Technology, Javascript, Leadership, Mainframe, Manual application security testing, OWASP, Penetration Testing, PowerShell, Python, R, Reporting, Risk Management, Ruby, Scripting, Scripting Languages, Security Testing, Service, Team, Team Leadership, Testing, Testing methodologies, Training, White Box Testing

Experience

3 - 5 years

Education

Bachelor's degree in Computer Science, Bachelor's degree in information security, Bachelor’s Degree in Information Systems Management, Bachelor’s degree in Information Technology, Business, Computer Science, Information Security, Information Systems

Certifications

Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE)

Timezones

UTC-6