CybersecurityJobs.io
← Back to all jobs

Job Description

A Penetration Tester specializing in mobile, API, and application security will perform rigorous testing and security assessments across mobile, web, API, and AI-enabled applications for U.S. Bank National Association. This onsite position is based in Irving, Texas, with a yearly salary range of USD 105,400 to 124,000. The role requires a strong foundation in security testing and collaboration with engineering teams to drive remediation.

Responsibilities

  • Conduct penetration tests of mobile platforms (Android and iOS), web applications, and APIs using a mix of manual techniques and tooling.
  • Identify security weaknesses and, when appropriate, demonstrate impact through controlled exploitation.
  • Produce clear findings with risk ratings and remediation guidance for both technical and non-technical stakeholders.
  • Apply established testing methodologies, standards, and playbooks while continuing to develop practical exploitation skills.
  • Research emerging threats, tools, and techniques, including AI and application security risks, and apply learnings during assessments where applicable.
  • Participate in security assessments of AI-enabled applications and services, including systems with machine learning models, APIs, or large language models (LLMs).
  • Contribute to team initiatives such as process improvements, internal documentation, tool usage, and knowledge sharing.
  • Collaborate with peers and stakeholders during engagements and remediation discussions.

Requirements

  • Bachelor's degree in Engineering or Science, or an equivalent combination of education and work experience.
  • Five or more years of experience in information security.
  • Two or more years of experience in IT infrastructure management.
  • Two or more years of experience in application architecture.
  • Two or more years of experience in risk management.
  • Two or more years of experience in data architecture.
  • Two or more years of experience in middleware technology.
  • Two or more years of experience in IT operations or project management.
  • Three or more years of hands-on experience testing Android and/or iOS applications.
  • Working knowledge of mobile platform security risks and common weaknesses.
  • Familiarity with OWASP MASVS and MASTG.
  • Practical understanding of the OWASP Top 10 and OWASP API Security Top 10.
  • Experience identifying authentication, authorization, input validation, and business logic vulnerabilities.
  • Proficiency with Burp Suite (Community or Pro), Postman, or Insomnia.
  • Ability to perform manual testing beyond automated scanner output.
  • Exposure to AWS and/or Azure environments.
  • Basic familiarity with cloud-hosted or containerized application architectures.
  • Working knowledge of HTTP/S, authentication and authorization (OAuth, JWT), and general networking concepts.
  • Exposure to tools such as Nmap, Metasploit, and Kali Linux.
  • Familiarity with AI and machine learning security concepts.
  • Aware of AI-related risks, including prompt injection, insecure model or API access, and data leakage.
  • Understanding of how AI security risks intersect with traditional application and API testing.
  • Interest in contributing to light automation or scripting to improve testing efficiency.
  • Ability to produce clear, well-structured written findings and remediation guidance.
  • Comfortable discussing security findings with engineers, application owners, and security partners.

Technologies

  • Burp Suite
  • Postman
  • Insomnia
  • AWS
  • Azure
  • Nmap
  • Metasploit
  • Kali Linux
  • Frida
  • JADX
  • ServiceNow
  • Python
  • Bash
  • PowerShell
  • OAuth
  • JWT
  • HTTP
  • HTTP/S

Benefits

  • Healthcare coverage includes medical, dental, and vision
  • Basic and optional term life insurance
  • Short-term and long-term disability insurance
  • Pregnancy disability and parental leave
  • 401(k) with employer-funded retirement plan
  • Paid vacation ranging from two to five weeks based on salary grade and tenure
  • Up to 11 paid holidays per year
  • Adoption assistance
  • Sick and Safe Leave accruals at one hour for every 30 hours worked, up to 80 hours per calendar year unless restricted by applicable law

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services.

Similar Jobs