CybersecurityJobs.io
← Back to all jobs

Job Description

Senior Offensive Security Engineer - Pentester at Bank of America, based in Denver, CO (onsite), leads high risk vulnerability assessments across the bank’s global technology environment, mentors engineers, and collaborates with senior leadership.

Responsibilities

  • Lead and execute assessments of the bank's technologies, applications, and security controls, adapting testing approaches to evolving threats.
  • Collaborate on technical assessments using a broad set of penetration testing techniques (reconnaissance, weaponization, delivery, exploitation) to identify and demonstrate high risk vulnerabilities across diverse tech stacks.
  • Identify misconfigurations and vulnerabilities, assess security impact, and document risk with clear reporting.
  • Coordinate with senior leadership on development projects and partner with stakeholders to complete assessments.
  • Mentor junior engineers and support monitoring and incident response to strengthen threat hunting capabilities.
  • Partner closely with security colleagues, CIO clients, and multiple lines of business.
  • Proactively hunt for high risk vulnerabilities across the bank’s global technology footprint.

Requirements

  • Minimum of 5+ years of professional offensive security experience.
  • Ability to view organizational and system risk from a threat actor perspective and communicate it clearly to technical and non‑technical audiences.
  • Strong proficiency with common penetration testing tools such as Burp Suite, Metasploit, and Nmap.
  • Solid understanding of voice and data networks, major operating systems, Active Directory and related peripherals, with a drive to learn new technologies.
  • Knowledge of attacker tactics, techniques, and procedures, familiarity with industry classifications and frameworks, and the ability to chain vulnerabilities for advanced exploitation.
  • Proficiency in delivering reports and documenting vulnerabilities in a technical context.
  • Ability to code or script in languages such as Python, Java, or C#.

Technologies

  • Burp Suite
  • Metasploit
  • Nmap
  • Python
  • Java
  • C#

Desirable Skills

  • Certifications: OSCP, GPEN, GXPN, OSED, OSEP, OSWE, OSCE, GWAPT
  • Ability to work remotely if needed
  • Previous experience in the financial industry
  • Experience with hardware hacking, embedded systems analysis, and IoT hacking

Details

  • Location: Denver, CO onsite
  • Shift: 1st shift (United States of America)
  • Hours per week: 40
  • Compensation: USD 160,000 - 205,000 per year

Similar Jobs