U.S. Bank
Overview
U.S. Bank is seeking a Senior Penetration Tester (Web/API/Mobile/ATM) with demonstrated competence to contribute toward the information security program. The role involves assessing the security of web/mobile applications, APIs, and ATM platforms by identifying vulnerabilities, performing exploitations, and recommending mitigation strategies to enhance resilience against cyber threats. A deep understanding of web/mobile application security, ATM hardware/software, advanced testing techniques, and collaboration with cross-functional teams is required.
Responsibilities
Lead dynamic penetration testing against hardened web/API, mobile applications, and ATM systems to uncover vulnerabilities and demonstrate business impact.
Deliver clear, actionable reports including findings, vulnerability scoring, and remediation guidance for technical and non-technical audiences.
Iterate testing methodologies by researching emerging threats, tools, and techniques to improve assessment strategies and team capabilities.
Balance hands-on testing with supporting broader team initiatives, including process optimization, tool/script development, and knowledge sharing.
The role offers a hybrid/flexible schedule with an in-office expectation of 3+ days per week and flexibility to work from other locations.
Basic Qualifications
Bachelor's degree in Engineering or Science, or equivalent work experience
Eight or more years of experience in information security
Two or more years of experience in IT infrastructure management, application architecture, risk management, data architecture, middleware technology, and IT operations and project management
Preferred Skills/Experience
Web & API Penetration Testing: 5+ years of hands-on experience with modern web applications and APIs. Knowledge of OWASP Top 10, API Security Top 10, and SANS Top 25 vulnerabilities.
Manual Testing & Exploitation: Proficient in identifying and exploiting vulnerabilities using tools like Burp Suite Pro, Postman/Insomnia, and custom scripts; skilled in business logic flaws and access control issues.
Mobile Application Security: Familiarity with Android and iOS testing methodologies and platform-specific risks.
Technical Proficiency: Scripting skills (Python, PowerShell, Bash, Ruby, Go); understanding of HTTP/S, authentication protocols, and basic network fundamentals.
ATM Systems: Experience with ATM hardware/software security testing and related attack vectors.
Cloud & Platform Fluency: Experience in cloud environments (AWS, Azure) and containerization; familiarity with cloud-native security and common assessment tools.
Tooling & Automation: Ability to develop custom tools to automate testing workflows; familiarity with Nmap, Metasploit, Kali Linux.
Threat Modeling & Risk Assessment: Ability to perform threat modeling and prioritize testing efforts.
Regulatory & Compliance Awareness: Knowledge of PCI-DSS, HIPAA, NIST 800-53, ISO 27001, and FedRAMP.
Communication & Documentation: Strong written and verbal communication; ability to present findings to technical and non-technical audiences, including leadership.
Leadership & Mentorship: Experience leading engagements and mentoring junior testers.
Certifications: OSWE, OSEP, OSCP, GWAPT, GPEN, GMOB, OSWA, or equivalent.
Additional Experience: Source code review, ServiceNow Vulnerability Response, and understanding of change control and security architecture.
For candidates requiring accommodations: If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.
Benefits
Our benefits and total rewards consider team members’ needs to thrive in and outside work. Benefits include:
Healthcare (medical, dental, vision)
Basic and optional term life insurance
Disability coverage
Pregnancy disability and parental leave
401(k) and employer-funded retirement plan
Paid vacation and paid holidays
Adoption assistance
Sick and Safe Leave accruals
U.S. Bank is an equal opportunity employer. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, and other factors protected under applicable law.
E-Verify
U.S. Bank participates in the U.S. DHS E-Verify program in all facilities located in the United States and certain U.S. territories. Learn more about the E-Verify program.
The salary range reflects figures based on the primary location listed first. The actual range may differ by location. Benefits are subject to eligibility requirements.
Pay Range: $111,605.00 - $131,300.00
U.S. Bank will consider qualified applicants with arrest or conviction records. Background checks are conducted as required by law and policy. Applicants must comply with company policies including the Code of Ethics and Business Conduct.
Posting may be closed earlier due to high volume of applicants.