Sr Application Security Testing Consultant
$87,000 - $161,400/Yr
BMO - Dallas, TX
posted about 2 months ago
Full-time - Mid Level
Dallas, TX
Credit Intermediation and Related Activities
About the position
The Sr Application Security Testing Consultant at BMO Financial Group is responsible for executing and coordinating security testing activities for BMO applications. Reporting to the Lead of DevSecOps, this role involves conducting Static and Dynamic Application Security Testing (SAST/DAST), providing information security consulting services, and collaborating with developers and stakeholders to enhance security measures. The consultant will also participate in the execution of the information security strategy, ensuring compliance with regulatory requirements and identifying security gaps.
Responsibilities
- Provide technical leadership as a Security Testing subject matter expert.
- Assist in the execution of security testing operations including pre-engagement, engagement, and post-engagement activities.
- Deliver security testing projects according to a structured process, including writing test reports.
- Oversee and execute the configuration and deployment of security testing software.
- Work with leadership to mature security testing team capabilities and provide remediation guidance.
- Conduct risk assessments to identify security gaps and recommend corrective actions.
- Assist in executing technical security assessments of web applications, API security testing, and backend applications.
- Advise on secure development practices and identify potential misuse scenarios.
Requirements
- 5 - 7 years of relevant experience in application security testing.
- Post-secondary degree in Computer Science, Information Systems, or a related field, or equivalent experience.
- Knowledge of coding languages such as C#, JAVA, JavaScript, TypeScript, and Python.
- Familiarity with rapid development processes like Waterfall and Agile.
- Understanding of coding vulnerabilities, frameworks, and patching processes.
- Knowledge of OWASP Top 10 and secure coding frameworks.
- Familiarity with code scanning software and vulnerability scanning processes.
- Understanding of network protocols and connectivity.
Nice-to-haves
- CISSP, CISSLP, GIAC, OSCP, OSWE, GWAPT, GMOB, GPEN, GXPN, GAWN certifications are an asset.
- Familiarity with CI/CD Integration of AppSec Testing Tools (SAST, SCA, IAST).
- Experience with API security.
Benefits
- Health insurance
- Tuition reimbursement
- Accident and life insurance
- Retirement savings plans
