Senior Offensive Security Engineer - Pentester
Company: Bank Of America
Location: Denver
Posted on: April 3, 2026
|
|
|
Job Description:
Job Description: At Bank of America, we are guided by a common
purpose to help make financial lives better through the power of
every connection. We do this by driving Responsible Growth and
delivering for our clients, teammates, communities and shareholders
every day. Being a Great Place to Work is core to how we drive
Responsible Growth. This includes our commitment to being an
inclusive workplace, attracting and developing exceptional talent,
supporting our teammates’ physical, emotional, and financial
wellness, recognizing and rewarding performance, and how we make an
impact in the communities we serve. Bank of America is committed to
an in-office culture with specific requirements for office-based
attendance and which allows for an appropriate level of flexibility
for our teammates and businesses based on role-specific
considerations. At Bank of America, you can build a successful
career with opportunities to learn, grow, and make an impact. Join
us! Job Description: Are you passionate about cybersecurity and
looking to work with some of the best information security
professionals in the world in challenging environments? Bank of
America is hiring top talent to join our team. You bring your
talent and passion, and we’ll provide you with an opportunity to
shine and grow. The Cyber Security Assurance Division is looking
for a Senior Full Stack Pentester to join a team of world-class
offensive security professionals. In this role, you will diligently
hunt for high-risk vulnerabilities across the bank’s global
technology environment. Understanding security policy and
compliance is important, but in this role your focus is to identify
exploitable vulnerabilities in critical systems; ones that can
bring about that “nightmare scenario.” This is a highly-technical
role that requires broad technical knowledge, a deep understanding
of threats, and a hacker mentality. You will lead and participate
in collaborative, technical assessments that leverage a wide range
of penetration testing techniques (reconnaissance, weaponization,
delivery, exploitation) to identify and prove the concept of
high-risk vulnerabilities across a variety of technologies. Your
strong problem-solving skills, practical demonstration of technical
competency, and lateral thinking will contribute to our team-first
culture of collaboration and impactful findings. This senior
technical role is responsible for leading and performing
assessments of the bank's technologies, applications, and cyber
security controls while adapting testing methods to evolving and
emerging threats. Key responsibilities include leading and
performing research, understanding the bank's security policy,
working with appropriate partners to complete assessments,
identifying misconfigurations and vulnerabilities to achieve
security impact, and reporting on the associated risk. These
individuals partner closely with security partners, CIO clients,
and multiple lines of business. You will coordinate with senior
leadership on development projects, share your knowledge and
experience by mentoring junior engineers, and assist with
monitoring and response functions, so those teams can practice and
improve their capability to respond to a realistic threat actor.
Required Skills: Minimum of 5 years of professional offensive
security experience Must be able to critically examine an
organization and system through the perspective of a threat actor
and articulate risk in clear, precise terms to technical and
non-technical audiences. Must be very proficient with the common
tools associated with penetration testing (Burp Suite, Metasploit,
nmap, etc.). Must have a solid understanding of voice and data
networks, major operating systems, active directory, their
associated peripherals, and a strong desire to learn new
technologies and skill sets. Must demonstrate knowledge of tactics,
techniques, and procedures associated with malicious activity, an
understanding of industry classifications and frameworks, and the
ability to chain vulnerabilities in the advanced exploitation of
systems. Must be proficient in report delivery and technical
documentation of vulnerabilities. Must be able to effectively code
in a programming or scripting language (Python, Java, C#, etc.)
Desirable Skills: Certifications: OSCP, GPEN, GXPN, OSED, OSEP,
OSWE, OSCE, GWAPT Ability to work remotely if/when necessary
Previous experience working in the financial industry Experience
with hardware hacking, embedded systems analysis, and IoT hacking
This job will be open and accepting applications for a minimum of
seven days from the date it was posted. Shift: 1st shift (United
States of America) Hours Per Week: 40 Pay Transparency details US -
CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC -
Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL -
Chicago - 540 W Madison St - Bank Of America Plaza (IL4540), US -
MA - Boston - 100 Federal St - 100 Federal St Lp (MA5100), US - NJ
- Jersey City - 101 Hudson St - 101 Hudson (NJ2101), US - WA -
Seattle - 401 Union St - Rainier Square (WA1510) Pay and benefits
information Pay range $160,000.00 - $205,000.00 annualized salary,
offers to be determined based on experience, education and skill
set. Discretionary incentive eligible This role is eligible to
participate in the annual discretionary plan. Employees are
eligible for an annual discretionary award based on their overall
individual performance results and behaviors, the performance and
contributions of their line of business and/or group; and the
overall success of the Company. Benefits This role is currently
benefits eligible. We provide industry-leading benefits, access to
paid time off, resources and support to our employees so they can
make a genuine impact and contribute to the sustainable growth of
our business and the communities we serve.
Keywords: Bank Of America, Longmont , Senior Offensive Security Engineer - Pentester, IT / Software / Systems , Denver, Colorado
