Principal Penetration Tester

Citizens Financial Group, Johnston, RI
$150,000 - $170,000, Hybrid

About The Position

The Principal Penetration Tester is responsible for strengthening internal security assurance across enterprise technology environments through independent, compliance-focused security testing. This role evaluates the design and operating effectiveness of security controls, identifies gaps against regulatory, policy, and risk requirements, and supports audit and regulatory readiness. The position also plays a key role in building and maturing a centralized internal security testing capability with defensible, repeatable outcomes. The role is centered on internal security and compliance testing, with emphasis on assessing control effectiveness, validating controls through realistic threat scenarios, and producing clear, audit-ready results that inform leadership decisions and remediation priorities.

Requirements

  • 10+ years of cybersecurity experience with a strong focus on security control testing, assurance, or risk-based security assessments
  • Proven experience evaluating security controls across cloud, application, network, and infrastructure environments
  • Strong working knowledge of security frameworks and standards such as NIST, ISO, CIS, OWASP, CVSS, and internal risk models
  • Experience supporting internal audit activities, regulatory examinations, or compliance programs
  • Demonstrated ability to design defensible test plans, evaluate evidence, and assess control design and operating effectiveness
  • Strong written communication skills with experience producing audit-ready documentation and executive-level reporting
  • Ability to collaborate and influence across engineering, risk, audit, and compliance stakeholders

Nice To Haves

  • Experience in highly regulated enterprise environments such as financial services
  • Familiarity with secure development practices and DevSecOps control validation
  • Experience automating security testing or evidence collection using scripting or security tooling
  • Preferred certifications include GPEN, CISSP, CISA, OSCP, or equivalent

Responsibilities

  • Plan, execute, and analyze regulatory and internal security testing across applications, cloud platforms, infrastructure, and endpoint environments
  • Evaluate security control effectiveness using threat-informed methodologies that consider adversary behavior, attack techniques, and architectural context
  • Perform scenario-based testing to validate controls under realistic operating conditions
  • Analyze findings and deliver clear, actionable reporting aligned to business and risk impact
  • Partner with technology owners to support remediation planning and validation testing
  • Coordinate with internal and external testing teams to manage execution risks and dependencies
  • Support internal audit and regulatory examinations by providing testing results, evidence, and assessments
  • Partner with leadership to build, formalize, and mature a centralized internal security testing program and governance model
  • Mentor and provide technical guidance to other security testing resources
  • Contribute to metrics, dashboards, and reporting that demonstrate control maturity and risk reduction
  • Identify opportunities to improve efficiency through automation of testing and evidence collection

Benefits

  • comprehensive medical, dental and vision coverage
  • retirement benefits
  • maternity/paternity leave
  • flexible work arrangements
  • education reimbursement
  • wellness programs

What This Job Offers

Job Type

Full-time

Career Level

Principal

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc