Penetration Testing Consultant
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Penetration Testing Consultant at BMO focusing on manual testing for applications. Engaging across the full lifecycle from scoping to remediation.
Responsibilities:
- Provides information security consulting services for BMO overall and businesses/groups.
- Liaises with stakeholders to understand problems and opportunities and enables BMO to meet its goals by understanding business vision, objectives and KPIs
- Facilitates discussions and follows a disciplined approach to plan, elicit, analyse, document, communicate and manage initiatives and issues with stakeholders by applying a variety of elicitation techniques to probe, challenge and understand associated risks.
- Develops and champions information security best practices, including staying abreast of industry information security and business trends through benchmarking and/or participation in professional associations.
- Tracks metrics and milestones, providing recommendations for resolution and escalating as appropriate when issues arise.
- Creates professional presentations and deliver them in a meaningful concise way.
Requirements:
- Min of 3+ years experience with Manual Penetration Testing experience in Web or API
- Strong exposure for testing Web applications in the following areas: A solid grasp of HTTP/S protocols, headers, cookies, sessions, and CORS behavior within your web testing experience
- Experience testing authentication and authorization mechanisms (OAuth, JWT, session flaws, IDOR/BOLA)
- Strong proficiency with Burp Suite Professional, OWASP ZAP, IBM’s APP SCAN (proxying, repeater, intruder, extensions)
- Deep practical knowledge of OWASP Top 10 (Web + API) and common vulnerabilities
- Ability to identify and exploit business logic vulnerabilities and multi-step attack paths
- Preference for candidates who have at least one certification in a related field, with strong preference for Information security certifications from a well-recognized institution (e.g. OSCP, GMOB, GWAPT, OSWE)
- Secure coding and architecture understanding
- Proficiency in at least one scripting language
- Proficiency in documenting reproducible steps for technical accurate findings
Benefits:
- Health insurance
- Tuition reimbursement
- Accident and life insurance
- Retirement savings plans
Similar Jobs
Principal Cyber-Security Engineer – GRC, AI
Principal Cyber-Security Engineer driving AI integration within FICO's GRC, emphasizing automation and compliance. Leading high-visibility audit engagements and mentoring team members across departments.
Lernbegleiter, Sicherheit und Objektschutz
Trainer for security expertise remotely at WBS TRAINING. Focusing on competency development for course participants with a strong educational approach.
Social Security Disability Hearing Attorney
Social Security Disability Hearing Attorney helping clients navigate the SSDI and SSI application processes. Representing them in appeals and providing legal consultation remotely.
Penetration Testing Consultant
Penetration Testing Consultant at BMO conducting extensive manual security assessments for critical financial applications. Collaborating with stakeholders to enhance security strategies and practices.
Security Hardware Technician
Security Hardware Technician installing, maintaining, and troubleshooting security hardware systems. Responsible for configuration, repair, and optimization of security equipment.
Vendedor de productos de seguridad industrial
Industrial Salesperson building strong client relationships in the mining sector for 3M. Identifying new business opportunities and presenting tailored solutions to customer needs.
Global Program Manager, Health and Security Consulting
Program Director leading delivery of health and consulting solutions at International SOS. Oversees complex programs supporting health, security, and organizational resilience risks.
Senior Software Engineer – Product Security, Security Automation
Software Engineer in Product Security developing security tooling and automation for a global organization in cybersecurity. Collaborate with teams to safeguard a multi-cloud production environment.
Fees Coordinator, Social Security Disability Experience Required
Fee Tracking Coordinator at Mindset Care, Inc. managing SSA attorney fee payments and authorizations within Social Security Disability practice.
Security Engineer
Join a global tech company as a Security Engineer focusing on Endpoint Privilege Management. Drive the rollout of a new EPM solution in a fully remote role based in Poland.
Full-Stack Engineer, Identity & Security
Identity & Security Engineer responsible for designing security foundations for AI orchestration Layer. Collaborating to ensure authorization and auditing for actions and workflows across platforms.
Information Security Engineer
Information Security Engineer identifying security risks and managing firewalls at Gainwell Technologies. Developing and enforcing security policies while providing technical support for enterprise systems.
Senior Manager, Information Systems Security
Senior Manager responsible for managing information system security education and compliance activities at Gainwell. Ensuring safety protocols in place for facility management and personnel operations.
Head of Cybersecurity
Head of Cybersecurity for high-growth B2B SaaS firm managing data protection and compliance. Define cybersecurity strategy and mature security functions across the organization.
Principal Architect – Security, Performance
Principal Architect responsible for security and performance in eCommerce for Dealer Tire and SimpleTire platforms. Collaborating on cloud architecture and application performance optimization.
Ingeniero Seguridad Cloud, Semi Senior
Cloud Security Engineer focused on implementing security controls and compliance for cloud environments at Stefanini, ensuring protection of digital assets.
System Architect – Infrastructure Security
System Architect responsible for enhancing infrastructure security at Target Group. Collaborating with IT and Security teams to mitigate risks and strengthen technology resilience.
Deputy Chief Information Security Officer
Deputy Chief Information Security Officer at Mercury responsible for the bank's 2LOD Information Security program. Ensure security policies and examiner readiness for regulatory standards in a fintech environment.
VP of Security
VP of Security overseeing Serve's security strategy for autonomous delivery. Leading initiatives and developing security practices in a high-growth tech environment.
Security Engineer
Security Engineer at Coterie enhancing security operations and access management in cloud-native environments. Collaborating with teams to conduct access reviews and manage privileged access programs.