Penetration Tester

Drive the security of critical banking applications and platforms through hands-on offensive testing.

As an Assessments & Exercises Vice President in the Cybersecurity and Technology Controls organization you will play a key role in safeguarding the firms most vital assets. Your primary responsibility will be to plan execute and report on penetration tests targeting high-impact applications platforms and services. Leveraging industry-standard methodologies and advanced techniques you will proactively identify vulnerabilities collaborate with application owners to understand root causes and guide effective remediation to strengthen the firms security posture.

We are seeking candidates with a passion for offensive security deep technical expertise in penetration testing and a commitment to continuous learning and excellence.

Job responsibilities

• Plan scope and execute penetration testing engagements across a variety of environments including web applications APIs cloud platforms infrastructure thick-client and/or mobile applications.
• Collect and validate pre-requisites for each engagement ensuring all necessary access documentation and approvals are in place.
• Perform manual and automated testing to identify vulnerabilities misconfigurations and security weaknesses leveraging industry-standard tools and custom scripts.
• Document and communicate findings through comprehensive reports that include technical details risk assessments and actionable remediation recommendations.
• Conduct peer reviews of penetration test reports to ensure accuracy consistency and quality of deliverables.
• Collaborate with development infrastructure and security teams to clarify findings support remediation efforts and provide subject matter expertise on offensive security.
• Stay current with emerging threats vulnerabilities and attack techniques by leveraging threat intelligence security research and participation in relevant industry groups.
• Contribute to the continuous improvement of penetration testing methodologies tools and frameworks to enhance effectiveness and alignment with firm strategy and regulatory requirements.

Required qualifications capabilities and skills

• 5+ years of hands-on penetration testing experience in offensive security with a proven track record of scoping executing and reporting on complex engagements.
• Expertise in manual penetration testing of web API cloud (AWS/Azure/GCP) infrastructure thick-client and/or mobile applications (android/iOS) including the use of industry-standard tools (e.g. Burp Suite Nmap Metasploit etc.).
• Strong understanding of security assessment methodologies such as OWASP Top Ten NIST Cybersecurity Framework and other relevant standards.
• Ability to identify and articulate systemic security issues related to threats vulnerabilities and risks and provide clear actionable recommendations for remediation.
• Exceptional organizational and communication skills including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders.
• Experience conducting peer reviews of penetration test reports and mentoring junior testers.
• Continuous learner who keeps up with the latest offensive security trends tools and techniques.

Preferred qualifications capabilities and skills

• Knowledge of cybersecurity practices operational risk management and incident response methodologies within the US financial services sector including relevant regulations threats and risks.
• Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems.
• Experience conducting security-focused source code reviews (e.g. Python Java Rust).
• Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
• Relevant certifications such as OSWE CREST (CRT CCT) OSCP OSCE GXPN GWAPT GPEN GMOB or BSCP.