Penetration Testing Program Intern, Winter 2026 (Co-op Internship) - 4 months

📋 Description

• • Join BMO’s award-winning campus program as a Penetration Testing Program Intern for Winter 2026 and spend four high-impact months helping defend one of North America’s largest banks. You will be embedded in the Enterprise Information Security team, working shoulder-to-shoulder with senior penetration testers, red-team leads, and cyber-threat hunters to uncover vulnerabilities before adversaries do.
• • Own discrete pieces of real-world engagements: scope a target environment, design safe exploit chains, execute controlled tests, and document findings that are immediately briefed to technology owners and risk committees. Your work will directly influence how BMO hardens customer-facing web and mobile applications, cloud workloads, APIs, and critical mainframe services.
• • Build and maintain the Penetration Testing Program’s knowledge base by creating reusable test cases, attack-pattern libraries, and automated scripts that accelerate future assessments. You will be encouraged to open-source non-sensitive tooling under BMO’s GitHub presence, growing your public profile while giving back to the security community.
• • Leverage data analytics to quantify cyber-risk. Mine vulnerability scan outputs, threat-intel feeds, and incident-response data to produce executive dashboards that translate technical findings into business impact. Your insights will help prioritize remediation budgets and shape strategic roadmaps.
• • Champion secure-by-design thinking across agile squads. Participate in threat-modeling workshops, sprint reviews, and purple-team exercises to ensure security controls are baked into new features from inception rather than bolted on later.
• • Facilitate user-acceptance testing for new security tooling—everything from dynamic application security testing (DAST) platforms to cloud-native runtime sensors. Your feedback will guide vendor selection and configuration decisions that affect thousands of developers.
• • Contribute to BMO’s regulatory and audit readiness. Map penetration-test findings to NIST 800-53, PCI-DSS, OSFI guidelines, and internal control frameworks, ensuring evidence packages are crisp and complete for examiners and external auditors.
• • Collaborate with the wider campus cohort through the Women in Banking Mentorship Program, BMO Social Squad events, and the BMO Academy learning platform. Present your internship project at the end-of-term “Demo Day” to senior executives and potential future hiring managers.
• • Stay ahead of the curve by tracking emerging threats—ransomware-as-a-service tactics, cloud container escapes, AI-driven phishing—and translating them into actionable test scenarios. You will be given dedicated learning hours and a training budget to pursue SANS courses, capture-the-flag competitions, or certification attempts.
• • Embrace a culture of continuous improvement. At the close of your internship you will deliver a retrospective that identifies process gaps and recommends automation or workflow enhancements, leaving the program stronger for the next cohort of students.