Penetration Testing Engineer II

Walmart, Bentonville, AR
Onsite

About The Position

The Penetration Testing Engineer II will be responsible for managing program assessments from initial planning through final reporting, including scheduling and stakeholder communications. This role involves preparing assessment documentation and contributing to process improvement and automation for the assessment methodology. Key duties include conducting security assessments of client and contractor hardware to ensure compliance with security requirements and analyzing adherence to federal and legislative regulations. The engineer will collaborate with cybersecurity and development teams to identify critical and high-risk assets such as web/mobile applications, servers, networks, Point of Sales machines, and robots. A core function is performing in-depth security assessments and penetration testing on these assets, adhering to standards like OWASP Top 10, SANS Top 25, HIPAA, and PCI DSS. The position requires identifying and exploiting vulnerabilities in various software applications, infrastructure, people, and processes across Walmart's network. The engineer will also be responsible for composing test reports, recording vulnerability data according to GRC processes, and providing technical debriefs to engineers/developers to aid in vulnerability remediation. Additionally, the role involves evaluating, maintaining, and creating testing tools, hardware, and equipment.

Requirements

  • Master’s degree or the equivalent in Computer Science, Information Technology, Engineering, or related field plus 1 year of experience in information technology or related experience; OR Bachelor's degree or the equivalent in Computer Science, Information Technology, Engineering, or related field plus 2 years of experience in information technology or related experience; OR 4 years of experience in information technology or related experience.
  • Experience with performing in-depth security assessment/penetration testing of business critical and high-risk assets as per OWASP Top 10.
  • Experience with managing a program assessment (scoping) from initial planning, scheduling, and communications with systems owners and related stakeholders through to final reporting.
  • Experience with delivering technical debriefs to engineers/developers, which helps them in fixing the identified vulnerability.
  • Experience with manual and automated vulnerability assessment of web applications using Burp Suite, Postman, Micro Focus Fortify, Nikto, Skipfish, SSLScan, DirBuster, Flagfox, Wappalyzer, Live HTTP Headers, Tamper Data, and Kali Linux.
  • Experience with evaluating and maintaining testing tools, hardware, and equipment, creating new tools where appropriate.
  • Bachelor's degree in computer science, information technology, engineering, information systems, cybersecurity, or related area.
  • 3 years’ experience in penetration testing or related area at a technology, retail, or data-driven company.

Nice To Haves

  • Certification in Security+, Network+, GISF, or GSEC.
  • Background in creating inclusive digital experiences, demonstrating knowledge in implementing Web Content Accessibility Guidelines (WCAG) 2.2 AA standards, assistive technologies, and integrating digital accessibility seamlessly.
  • Knowledge of accessibility best practices and joining Walmart in creating accessible products and services following Walmart’s accessibility standards and guidelines for supporting an inclusive culture.

Responsibilities

  • Manage a program assessment (scoping) from initial planning, scheduling, communications with systems owners and related stakeholders through to final reporting.
  • Prepare required assessment documentation.
  • Assist in process improvement and automation for the assessment methodology.
  • Conduct assessments of client and contractor hardware, to ensure compliance with security requirements.
  • Analyze and determine compliance with applicable federal and legislative regulations.
  • Partner with other cybersecurity and development teams to identify business-critical/high-risk assets [Web/mobile applications, Servers, Networks, Point of Sales machines, Robots].
  • Perform in-depth security assessment/penetration testing of business-critical and high-risk assets as per the OWASP Top 10, SANS Top 25, HIPAA, and PCI DSS standards.
  • Identify and exploit vulnerabilities in commercial, open source, and custom software applications; infrastructure; people; and processes running across one of the world’s largest networks.
  • Compose test reports and record vulnerability data according to Governance, Risk, and Compliance (GRC) processes.
  • Deliver technical debriefs to engineers/developers, which helps them in fixing the identified vulnerability.
  • Evaluate and maintain testing tools, hardware, and equipment, creating new tools where appropriate.

Benefits

  • Competitive pay
  • Performance-based bonus awards
  • Medical coverage
  • Vision coverage
  • Dental coverage
  • 401(k)
  • Stock purchase
  • Company-paid life insurance
  • Paid time off (PTO, including sick leave)
  • Parental leave
  • Family care leave
  • Bereavement
  • Jury duty leave
  • Voting leave
  • Short-term disability
  • Long-term disability
  • Company discounts
  • Military Leave Pay
  • Adoption and surrogacy expense reimbursement
  • Live Better U (Walmart-paid education benefit program for full-time and part-time associates in Walmart and Sam's Club facilities, covering tuition, books, and fees for programs from high school completion to bachelor's degrees, including English Language Learning and short-form certificates)