Senior Offensive Security Engineer - Pentester
Job Description
Senior Offensive Security Engineer - Pentester at Bank of America, based in Denver, CO (onsite), leads high risk vulnerability assessments across the bank’s global technology environment, mentors engineers, and collaborates with senior leadership.
Responsibilities
- Lead and execute assessments of the bank's technologies, applications, and security controls, adapting testing approaches to evolving threats.
- Collaborate on technical assessments using a broad set of penetration testing techniques (reconnaissance, weaponization, delivery, exploitation) to identify and demonstrate high risk vulnerabilities across diverse tech stacks.
- Identify misconfigurations and vulnerabilities, assess security impact, and document risk with clear reporting.
- Coordinate with senior leadership on development projects and partner with stakeholders to complete assessments.
- Mentor junior engineers and support monitoring and incident response to strengthen threat hunting capabilities.
- Partner closely with security colleagues, CIO clients, and multiple lines of business.
- Proactively hunt for high risk vulnerabilities across the bank’s global technology footprint.
Requirements
- Minimum of 5+ years of professional offensive security experience.
- Ability to view organizational and system risk from a threat actor perspective and communicate it clearly to technical and non‑technical audiences.
- Strong proficiency with common penetration testing tools such as Burp Suite, Metasploit, and Nmap.
- Solid understanding of voice and data networks, major operating systems, Active Directory and related peripherals, with a drive to learn new technologies.
- Knowledge of attacker tactics, techniques, and procedures, familiarity with industry classifications and frameworks, and the ability to chain vulnerabilities for advanced exploitation.
- Proficiency in delivering reports and documenting vulnerabilities in a technical context.
- Ability to code or script in languages such as Python, Java, or C#.
Technologies
- Burp Suite
- Metasploit
- Nmap
- Python
- Java
- C#
Desirable Skills
- Certifications: OSCP, GPEN, GXPN, OSED, OSEP, OSWE, OSCE, GWAPT
- Ability to work remotely if needed
- Previous experience in the financial industry
- Experience with hardware hacking, embedded systems analysis, and IoT hacking
Details
- Location: Denver, CO onsite
- Shift: 1st shift (United States of America)
- Hours per week: 40
- Compensation: USD 160,000 - 205,000 per year
Similar Jobs
J
J