Remotery

Penetration Testing Consultant

at BMO U.S. | Texas | Full-time | Cybersecurity / Security Engineer | Mid-level, Senior | $88.8k – $165.6k/year

Posted 23 hours ago

This is a fully remote position, open to applicants in Texas.

📋 Description

• Offers consulting services in information security for BMO as a whole, as well as for specific businesses and groups.

• Collaborates with stakeholders to identify challenges and opportunities, enabling BMO to achieve its objectives by grasping the business vision, goals, and KPIs.

• Facilitates dialogues and employs a structured approach to plan, gather, analyze, document, communicate, and manage initiatives and issues with stakeholders, utilizing various elicitation techniques to probe, challenge, and comprehend associated risks.

• Develops and advocates for best practices in information security, staying informed about industry trends and business developments through benchmarking and participation in professional organizations.

• Monitors metrics and milestones, offering recommendations for resolutions and escalating issues as necessary when challenges arise.

• Designs professional presentations and delivers them in a clear and impactful manner.


⛳️ Requirements

• 3+ years of experience in manual penetration testing, specifically Web or API.

• Strong familiarity with testing Web applications, including a solid understanding of HTTP/S protocols, headers, cookies, sessions, and CORS behavior.

• Experience in testing authentication and authorization mechanisms such as OAuth, JWT, session flaws, and IDOR/BOLA.

• Proficient in using Burp Suite Professional, OWASP ZAP, and IBM’s AppScan (including proxying, repeater, intruder, and extensions).

• Extensive practical knowledge of the OWASP Top 10 (Web + API) and common vulnerabilities.

• Capability to identify and exploit business logic vulnerabilities and multi-step attack paths.

• Preference for candidates holding at least one certification in a related field, particularly information security certifications from reputable institutions (e.g., OSCP, GMOB, GWAPT, OSWE).

• Understanding of secure coding and architecture.

• Proficiency in at least one scripting language.

• Ability to document reproducible steps for technically accurate findings.


🏝️ Benefits

• Health insurance

• Tuition reimbursement

• Accident and life insurance

• Retirement savings plans
