Lead Penetration Test Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Systems, or a related field, or equivalent experience.
• Minimum 8 years of experience in information security with a strong focus on penetration testing, application security, and vulnerability management.
• Hands-on experience with penetration testing tools (e.g., Burp Suite, Nessus, Metasploit, Nmap) and methodologies (e.g., OWASP Top 10, MITRE ATT&CK, PTES).
• Expertise in identifying and exploiting common infrastructure and web application vulnerabilities (e.g., XSS, SQL Injection, IDOR).
• Familiarity with vulnerability classification and scoring frameworks (CVE, CVSS, CWE).
• Strong scripting or programming skills (e.g., Bash, Python, Go, PowerShell, JavaScript).
• Experience performing security assessments (DAST, SAST, SCA, credential scanning) and integrating security testing into CI/CD pipelines.
• Ability to translate complex technical findings into clear, actionable reports and confidently brief cross‑functional teams and executives.
• At least one recognized offensive security certification (OSCP, OSCE3, OSEP, GXPN, GPEN, or CREST CRT/CCT).

Nice To Haves

• Experience with cloud security across AWS, Azure, or GCP.
• Knowledge of AI/ML security and adversarial testing methods, including evaluating LLMs and other models for manipulation, evasion, and data integrity risks.
• Demonstrated involvement in the infosec community (e.g., open-source projects, bug bounties, CVE research, conference talks, or security publications).
• Experience applying the MITRE ATT&CK Framework to offensive security operations and threat emulation.
• Familiarity with secure software development practices and the software development lifecycle.
• Experience with Java application technologies, deployment frameworks, and associated security best practices.
• Ability to work collaboratively across teams while independently owning deliverables and maintaining accountability to deadlines.

Responsibilities

• Conduct comprehensive penetration testing of web applications, infrastructure, and cloud environments using both manual and automated techniques.
• Develop custom scripts, tools, and methodologies to enhance penetration testing capabilities and automate security testing within CI/CD pipelines.
• Apply cloud‑specific offensive techniques, including IAM abuse, container and serverless exploitation, and cloud misconfiguration testing.
• Collaborate with engineering and development teams to analyze vulnerabilities, develop remediation plans, and strengthen application security across development and production lifecycles.
• Perform detailed security assessments using DAST, SAST, and SCA tools to ensure continuous validation and improvement of security controls.
• Lead and participate in attack simulations and tabletop exercises to validate security controls and improve organizational response capabilities.
• Research emerging threats, attack vectors, and adversarial techniques to inform offensive and defensive strategies.
• Partner with internal teams to design and execute threat assessments based on intelligence feeds and threat actor analysis.
• Communicate and present penetration testing and security assessment findings to both technical and non‑technical stakeholders.
• Provide actionable remediation guidance and risk mitigation strategies to strengthen the organization’s overall security posture.

Benefits

• Health care coverage designed for the mind and body.
• Generous time off helps keep you energized for your time on.
• Access a wealth of resources to grow your career and learn valuable new skills.
• Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
• Best-in class benefits for families.
• Retail discounts.
• Referral incentive awards.