About the role
Key responsibilities & impact
- Provides information security consulting services for BMO overall and businesses/groups.
- Liaises with stakeholders to understand problems and opportunities and enables BMO to meet its goals by understanding business vision, objectives and KPIs
- Facilitates discussions and follows a disciplined approach to plan, elicit, analyse, document, communicate and manage initiatives and issues with stakeholders by applying a variety of elicitation techniques to probe, challenge and understand associated risks.
- Develops and champions information security best practices, including staying abreast of industry information security and business trends through benchmarking and/or participation in professional associations.
- Tracks metrics and milestones, providing recommendations for resolution and escalating as appropriate when issues arise.
- Creates professional presentations and delivers them in a meaningful, concise way.
Requirements
What you’ll need
- Minimum of 3+ years of manual penetration testing experience in Web or API
- Strong exposure to testing Web applications in the following areas: a solid grasp of HTTP/S protocols, headers, cookies, sessions, and CORS behavior within your web testing experience
- Experience testing authentication and authorization mechanisms (OAuth, JWT, session flaws, IDOR/BOLA)
- Strong proficiency with Burp Suite Professional, OWASP ZAP, IBM’s AppScan (proxying, repeater, intruder, extensions)
- Deep practical knowledge of OWASP Top 10 (Web + API) and common vulnerabilities
- Ability to identify and exploit business logic vulnerabilities and multi-step attack paths
- Preference for candidates who have at least one certification in a related field, with strong preference for Information security certifications from a well-recognized institution (e.g. OSCP, GMOB, GWAPT, OSWE)
- Secure coding and architecture understanding
- Proficiency in at least one scripting language
- Proficiency in documenting reproducible steps for technically accurate findings
Benefits
Comp & perks
- Health insurance
- Tuition reimbursement
- Accident and life insurance
- Retirement savings plans
ATS Keywords
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
- Manual Penetration Testing
- Web Application Testing
- API Testing
- HTTP/S Protocols
- Authentication Mechanisms
- Authorization Mechanisms
- Business Logic Vulnerabilities
- Secure Coding
- Scripting Language
- Documenting Technical Findings
Soft Skills
- Stakeholder Liaison
- Problem Solving
- Communication
- Presentation Skills
- Analytical Thinking
- Risk Management
- Facilitation
- Collaboration
- Elicitation Techniques
- Metrics Tracking
Certifications
- OSCP
- GMOB
- GWAPT
- OSWE
