Senior Web Application Penetration Tester

at  US Bank National Association

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

JOB DESCRIPTION

U.S. Bank is seeking a Senior Web Application Penetration Tester with demonstrated competence and experience to contribute toward the success of our information security program. As a Senior Penetration Tester, you will be responsible for assessing the security of our web applications by identifying vulnerabilities and recommending mitigation strategies to enhance their resilience against cyber threats. This role requires a deep understanding of web application security principles, advanced web application penetration testing techniques, and the ability to work collaboratively with cross-functional teams.

BASIC QUALIFICATIONS

• Bachelor’s degree in Engineering or Science, or equivalent work experience
• Eight or more year of experience in information security
• Two or more years of experience in IT infrastructure management, application architecture, risk management, data architecture, middleware technology, and IT operations and project management

PREFERRED SKILLS/EXPERIENCE

• At least five years performing web application and/or API penetration testing.
• 3-5 years or more experience in Technical writing/documentation.
• Familiarity with and understanding of information security architecture.

• 3+ years’ experience with & understanding of IT standards, procedures, policies.

• Offensive Security Web Assessor Certification (OSWA), GIAC Web Application Penetration Tester (GWAPT), or similar is a plus. - Offensive Security Certified Professional Certification (OSCP) is a plus.

• Experience with ServiceNow Application Vulnerability Response is a plus.

• Understanding of and experience with change control is a plus.
• Product and vendor evaluation experience is a plus.

SUBJECT MATTER EXPERTISE (5+ YEARS’ EXPERIENCE) IN THE FOLLOWING:

• Information security technologies including Burp Suite Pro and OWASP Zap.
• Strong knowledge of web application security principles, OWASP Top 10, and industry best practices for secure web application development.
• Hands-on experience with manual testing techniques, including SQL injection, cross-site scripting (XSS), CSRF, and other common web application vulnerabilities.
• Excellent written and verbal communication skills, with the ability to convey technical concepts effectively to both technical and non-technical stakeholders.
  If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants.

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That’s why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by la