
Penetration Testing Consultant
Posted 23 hours ago

This is a fully remote position, open to applicants in Texas.
• Offers consulting services in information security for BMO as a whole, as well as for specific businesses and groups.
• Collaborates with stakeholders to identify challenges and opportunities, enabling BMO to achieve its objectives by grasping the business vision, goals, and KPIs.
• Facilitates dialogues and employs a structured approach to plan, gather, analyze, document, communicate, and manage initiatives and issues with stakeholders, utilizing various elicitation techniques to probe, challenge, and comprehend associated risks.
• Develops and advocates for best practices in information security, staying informed about industry trends and business developments through benchmarking and participation in professional organizations.
• Monitors metrics and milestones, offering recommendations for resolutions and escalating issues as necessary when challenges arise.
• Designs professional presentations and delivers them in a clear and impactful manner.
• A minimum of 3+ years of experience in Manual Penetration Testing, specifically in Web or API.
• Strong familiarity with testing Web applications, including a solid understanding of HTTP/S protocols, headers, cookies, sessions, and CORS behavior within your web testing experience.
• Experience in testing authentication and authorization mechanisms such as OAuth, JWT, session flaws, and IDOR/BOLA.
• Proficient in using Burp Suite Professional, OWASP ZAP, and IBM’s AppScan (including proxying, repeater, intruder, and extensions).
• Extensive practical knowledge of the OWASP Top 10 (Web + API) and common vulnerabilities.
• Capability to identify and exploit business logic vulnerabilities and multi-step attack paths.
• Preference for candidates holding at least one certification in a related field, particularly information security certifications from reputable institutions (e.g., OSCP, GMOB, GWAPT, OSWE).
• Understanding of secure coding and architecture.
• Proficiency in at least one scripting language.
• Ability to document reproducible steps for technically accurate findings.
• Health insurance
• Tuition reimbursement
• Accident and life insurance
• Retirement savings plans