Our Ability Jobs

At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.

Job Description

U.S. Bank is seeking a Senior Web Application Penetration Tester with demonstrated competence and experience to contribute toward the success of our information security program. As a Senior Penetration Tester, you will be responsible for assessing the security of our web applications by identifying vulnerabilities and recommending mitigation strategies to enhance their resilience against cyber threats. This role requires a deep understanding of web application security principles, advanced web application penetration testing techniques, and the ability to work collaboratively with cross-functional teams.

The role offers a hybrid/flexible schedule, which means there’s an in-office expectation of 3 or more days per week and the flexibility to work outside the office location for the other days at one of the following locations:

• Cincinnati, OH

• Minneapolis, MN

• Charlotte, NC

Basic Qualifications

• Bachelor's degree in Engineering or Science, or equivalent work experience

• Eight or more year of experience in information security

• Two or more years of experience in IT infrastructure management, application architecture, risk management, data architecture, middleware technology, and IT operations and project management

Preferred Skills/Experience

• At least five years performing web application and/or API penetration testing.

• 3-5 years or more experience in Technical writing/documentation.

• Familiarity with and understanding of information security architecture.

• 3+ years’ experience with & understanding of IT standards, procedures, policies.

• Offensive Security Web Assessor Certification (OSWA), GIAC Web Application Penetration Tester (GWAPT), or similar is a plus. - Offensive Security Certified Professional Certification (OSCP) is a plus.

• Experience with ServiceNow Application Vulnerability Response is a plus.

• Understanding of and experience with change control is a plus.

• Product and vendor evaluation experience is a plus.

Subject matter expertise (5+ years’ experience) in the following:

• Information security technologies including Burp Suite Pro and OWASP Zap.

-Strong knowledge of web application security principles, OWASP Top 10, and industry best practices for secure web application development.

-Hands-on experience with manual testing techniques, including SQL injection, cross-site scripting (XSS), CSRF, and other common web application vulnerabilities.

-Excellent written and verbal communication skills, with the ability to convey technical concepts effectively to both technical and non-technical stakeholders.

If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants (https://careers.usbank.com/global/en/disability-accommodations-for-applicants) .

Benefits:

Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):

• Healthcare (medical, dental, vision)

• Basic term and optional term life insurance

• Short-term and long-term disability

• Pregnancy disability and parental leave

• 401(k) and employer-funded retirement plan

• Paid vacation (from two to five weeks depending on salary grade and tenure)

• Up to 11 paid holiday opportunities

• Adoption assistance

• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

EEO is the Law

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS (https://eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) EEO poster.

E-Verify

U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program (https://careers.usbank.com/verification-of-eligibility-for-employment) .

The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase 401(k) contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $108,375.00 - $127,500.00 - $140,250.00

Job postings typically remain open for approximately 20 days of the posting date listed above, however the job posting may be closed earlier should it be determined the position is no longer required due to business need. Job postings in areas with a high volume of applicants, such as customer service, contact center, and Financial Crimes investigations, remain open for approximately 5 days of the posting listed date.