Brief Overview of Position 

The Web Application Pentester role is responsible for conducting application penetration tests and software security architecture reviews to identify risk throughout Texas Capital’s secure software development lifecycle.  This role will serve as a subject matter expert (SME) in the areas of web application, API, and cloud security.  As a senior member of the team, you will ensure the security, integrity, and confidentiality of all Texas Capital web assets.  Success in this role includes the ability to work in a fast paced environment, communicate effectively across the organization, identifying and reducing risk while still meeting business needs and objectives, and a passion to teach and learn from other colleagues.   

Responsibilities 

• Conduct application security penetration tests to identify vulnerabilities in the software design and implementation. 
• Assess emerging application security systems, standards, authentication protocols, and products to determine where they fill gaps, overlap with existing solutions, or extend capabilities. 
• Provide guidance on application security architecture standards and design patterns inclusive of web, API, and cloud system integration.  
• Partner with application technology subject matter experts (SMEs) to define and formalize security policies required to build, support, and consume application services. 
• Influence and facilitate a culture of secure software design and development through application security awareness and best practices. 
• Communicate application security concepts effectively across all organization levels. 
• Review technical design documentation to ensure security related items are incorporated. 
• Ability to think critically, prioritize tasks and solve problems independently or as a team member.  

The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy. 

Qualifications 

• Bachelor’s Degree required or equivalent experience in Information Technology or Computer Science discipline. 
• AWAE/OSWE, OSCP, CEH, GWAPT, or GPEN security certifications desired. 
• 5+ years of experience conducting security assessments in a secure SDLC workflow, such as Security Architecture Analysis, Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST). 
• Experience of using a variety of application security tools such as Burp Suite, GitHub Advanced Security, SQLMap, SSLyze, etc. 
• Understanding of security protocols, cryptography, authentication, authorization, and security relative to Applications/APIs. 
• 5+ years of experience in support, development, design, and implementation of technology solutions on large initiatives - preferably in Financial Services 
• Experience working with industry security frameworks (GLBA, CSA, CIS, FFIEC, PCI DSS, GDPR, HIPAA, NIST, etc.) 
• Experience building, designing, or securing software architectures including APIs and Microservice-based web services, understand API Gateway pattern and products (e.g., AWS API Gateway, MuleSoft, Software AG, etc.) and implement and access controls for users and API Integrations. 
• Experience with common web stack technologies (HTTP, REST, etc.) and platforms (e.g., AngularJS, Tomcat, .Net, MS SQL, etc.) 
• Experience with Continuous Integration/Continuous Deployment tools and processes 
• Proven written and verbal skills to communicate security risks to various audiences, ranging from technical to non-technical. 
• Experience working with line of business, 2LOD (Risk), and 3LOD (Audit) functions to drive risk reduction across the enterprise. 
• Working knowledge of Application Identity and Access management (IAM) including Single Sign On, MFA, identity providers and frameworks for Applications. (FIDO, SAML, OAuth, OpenID Connect) 
• MS Office skills including Visio, PowerPoint, Excel and Word and experience using these tools to build system designs and provide updates. 

Expert level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; applications session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services.

The duties listed above are the essential functions, or fundamental duties within the job classification.  The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.Texas Capital is an Equal Opportunity Employer.