Web Application Pentester
North Dallas Campus
Texas Capital is built to help businesses and their leaders. Our depth of knowledge and expertise allows us to bring the best of the big firms at a scale that works for our clients, with highly experienced bankers who truly invest in people’s success — today and tomorrow.
While we are rooted in core financial products, we are differentiated by our approach. Our bankers are seasoned financial experts who possess deep experience across a multitude of industries. Equally important, they bring commitment — investing the time and resources to understand our clients’ immediate needs, identify market opportunities and meet long-term objectives. At Texas Capital, we do more than build business success. We build long-lasting relationships.
Texas Capital provides a variety of benefits to colleagues, including health insurance coverage, wellness program, fertility and family building aids, life and disability insurance, retirement savings plans with a generous 401K match, paid leave programs, paid holidays, and paid time off (PTO).
Headquartered in Dallas with offices in Austin, Fort Worth, Houston, Richardson, Plano and San Antonio, Texas Capital was recently named Best Regional Bank in 2024 by Bankrate and was named to The Dallas Morning News’ Dallas-Fort Worth metroplex Top Workplaces 2023 and GoBankingRate’s 2023 list of Best Regional Banks. For more information about joining our team, please visit us at www.texascapitalbank.com.
Brief Overview of Position
The Web Application Pentester role is responsible for conducting application penetration tests and software security architecture reviews to identify risk throughout Texas Capital’s secure software development lifecycle. This role will serve as a subject matter expert (SME) in the areas of web application, API, and cloud security. As a senior member of the team, you will ensure the security, integrity, and confidentiality of all Texas Capital web assets. Success in this role includes the ability to work in a fast paced environment, communicate effectively across the organization, identifying and reducing risk while still meeting business needs and objectives, and a passion to teach and learn from other colleagues.
Responsibilities
- Conduct application security penetration tests to identify vulnerabilities in the software design and implementation.
- Assess emerging application security systems, standards, authentication protocols, and products to determine where they fill gaps, overlap with existing solutions, or extend capabilities.
- Provide guidance on application security architecture standards and design patterns inclusive of web, API, and cloud system integration.
- Partner with application technology subject matter experts (SMEs) to define and formalize security policies required to build, support, and consume application services.
- Influence and facilitate a culture of secure software design and development through application security awareness and best practices.
- Communicate application security concepts effectively across all organization levels.
- Review technical design documentation to ensure security related items are incorporated.
- Ability to think critically, prioritize tasks and solve problems independently or as a team member.
The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.
Qualifications
- Bachelor's Degree required or equivalent experience in Information Technology or Computer Science discipline.
- AWAE/OSWE, OSCP, CEH, GWAPT, or GPEN security certifications desired.
- 5+ years of experience conducting security assessments in a secure SDLC workflow, such as Security Architecture Analysis, Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST).
- Experience of using a variety of application security tools such as Burp Suite, GitHub Advanced Security, SQLMap, SSLyze, etc.
- Understanding of security protocols, cryptography, authentication, authorization, and security relative to Applications/APIs.
- 5+ years of experience in support, development, design, and implementation of technology solutions on large initiatives - preferably in Financial Services
- Experience working with industry security frameworks (GLBA, CSA, CIS, FFIEC, PCI DSS, GDPR, HIPAA, NIST, etc.)
- Experience building, designing, or securing software architectures including APIs and Microservice-based web services, understand API Gateway pattern and products (e.g., AWS API Gateway, MuleSoft, Software AG, etc.) and implement and access controls for users and API Integrations.
- Experience with common web stack technologies (HTTP, REST, etc.) and platforms (e.g., AngularJS, Tomcat, .Net, MS SQL, etc.)
- Experience with Continuous Integration/Continuous Deployment tools and processes
- Proven written and verbal skills to communicate security risks to various audiences, ranging from technical to non-technical.
- Experience working with line of business, 2LOD (Risk), and 3LOD (Audit) functions to drive risk reduction across the enterprise.
- Working knowledge of Application Identity and Access management (IAM) including Single Sign On, MFA, identity providers and frameworks for Applications. (FIDO, SAML, OAuth, OpenID Connect)
- MS Office skills including Visio, PowerPoint, Excel and Word and experience using these tools to build system designs and provide updates.
Expert level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; applications session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services.
The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.Texas Capital is an Equal Opportunity Employer.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: API Gateway APIs Application security Automation AWS Burp Suite CEH Cloud Computer Science Cryptography DAST Exploit FFIEC GDPR GitHub GLBA GPEN GWAPT HIPAA IAM MSSQL NIST OpenID OSCP OSWE PCI DSS SAML SAST SDLC Security assessment SQL Tomcat Vulnerabilities
Perks/benefits: 401(k) matching Fertility benefits Flex vacation Health care Insurance Wellness
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.