
SANS ISC: InfoSec Jobs

Application Penetration Tester
Company: Fifth Third Bank
Location: Cincinnati, OH
Preferred GIAC Certifications: GWAPT, GPEN
Travel: 5%
Salary: Not provided
Contact Name: Anonymous
Contact Email: kyle.gonzalez/at/
Expires: 2021-06-05

Job Description

Make banking a Fifth Third better®

We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank.

The Lead Information Security Engineer - Application Pentester (ISE-APT) will be responsible for defining, delivering and supporting the enterprise security tools and architecture developed in collaboration with the IT Engineering and Application Development teams. The ISE-APT will also participate in a diverse variety of IS projects and support the ongoing operations of the Information Security department.

The ISE-APT will be focused on securing the enterprise by conducting application penetration testing on the Bank's application portfolio, and by partnering with the Application Development organization to remediate vulnerability findings.


Vulnerability/penetration testing/remediation.
* Perform dynamic application security testing using both manual and automated testing tools.
* Identify and remove any false positives from automated testing tool reports.
* Mentor more junior members of the team.
* Contribute to and enhance the bank's application vulnerability management program.
* Define security requirements for the implementation of new applications and projects.
* Serve as a security engineer/consultant on projects.
* Participate in conducting security research on threats and remediation techniques/technology, make recommendations to the IS/IT teams and oversee their implementation.
* Support the Bank's operational information security responsibilities, including the development and maintenance of standards, procedures, and guidelines necessary to satisfy the Information Security department's network operations.
* Proactively monitor and investigate network security alerts from the managed security service provider and in-house security tools.
* Assist in conducting risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
* Provide technical support to regulatory agencies, external auditors, and internal auditors, as required, to respond to audits and examinations of the Bank's control environment.
* Threat analysis / Incident Response: interpreting events and analyzing network traffic.
* Mitigating and addressing threat vectors including APT, DDoS, Phishing, Malicious Payload, Cloud, Mobile Device, Web Application.
* Knowledge of current and upcoming IT security technologies.
* Awareness of latest and common security threats.
* Excellent ability to diagnose and troubleshoot accessibility issues.
* Skill in oral and written communication, including presentations to senior management.
* Ability to influence and work with employees at all levels of the organization.


Bachelor's degree or Master's degree.
5+ years' progressive experience.
5+ years of information security applications and systems experience.
3+ years of DAST (Dynamic Application Security Testing) experience.
3+ years of automated information security penetration tools experience.
3+ years of manual information security penetration testing tools, topics, and techniques experience.
1+ years of mobile (Android/iOS) penetration testing experience.

Must be well versed in OWASP Top 10 vulnerabilities.
Certifications such as GIAC Web Application Penetration Testing (GWAPT) or Offensive Security Certified Professional (OSCP) are preferred.

Fifth Third Bank, National Association is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.