Penetration Tester Jobs

About The Position

Requirements

• Technical Skills
• Strong hands on experience with penetration testing across:
• Networked products and systems
• Operating systems and applications
• Devices deployed in customer managed environments
• Experience testing:
• Authentication and authorization mechanisms
• Privilege boundaries and lateral movement scenarios
• Configuration and update workflows
• Secure communication paths and trust assumptions
• Familiarity with common offensive security tools and techniques
• Experience
• 5+ years of hands on penetration testing or offensive security experience
• Demonstrated ability to test products, not just enterprise IT environments
• Experience working directly with engineering teams on remediation, verification, and validation
• Certificates, Licenses, Registrations
• A professional security management certification or is working towards obtaining a professional security management certification such as:
• OSCP – Offensive Security Certified Professional
• OSEP / OSWE / OSEE – Advanced OffSec certifications
• GIAC GPEN – Penetration Tester
• GIAC GXPN – Exploit Researcher & Advanced Pentester
• GIAC GMOB – Mobile Device Security Analyst
• CREST CRT / Registered Penetration Tester

Nice To Haves

• Experience with medical devices, IoMT, or safety critical systems
• Exposure to systems with mixed platforms (e.g., workstation, mobile, embedded)
• Embedded systems, firmware, or hardware testing experience
• Familiarity with:
• CVSS (v3.1 or v4)
• Threat modeling methodologies (e.g., STRIDE, PASTA, Attack Trees, CIA)
• Software supply chain and dependency risk
• Experience assessing systems deployed in healthcare or regulated environments

Responsibilities

• Penetration Testing & Exploitation
• Perform manual and automated penetration testing of:
• Medical devices and bedside systems
• Clinical software running on workstation and mobile platforms
• Device to device and system to system communication paths
• Assess security across:
• Physical access and local interfaces
• Operating system and application layers
• Network exposure within customer environments
• Authentication, authorization, and privilege boundaries
• Update, provisioning, and configuration mechanisms
• Focus on realistic attacker behavior, not theoretical vulnerabilities
• Assess security of systems that include optional or supporting cloud‑based services as part of product workflows.
• Product Focused Security Assessment
• Validate exploitability of issues identified through:
• Threat modeling
• Architecture reviews
• Vulnerability scanning and SBOM analysis
• Test systems with legacy constraints, limited resources, or long lifecycle expectations
• Evaluate security risks in the context of clinical use, availability, and safety
• Reporting & Collaboration
• Produce clear, structured penetration test reports that include:
• Reproducible steps and supporting evidence
• Impact assessment in clinical and operational context
• Practical, product appropriate remediation guidance
• Partner with Product Security to:
• Support CVSS scoring and risk classification
• Validate mitigations and compensating controls
• Retest fixes and confirm closure
• Work collaboratively with Engineering and Test teams without acting as a gatekeeper or compliance authority

Benefits

• Along with a competitive salary and bonus structure, Natus offers a comprehensive healthcare package that starts on your first day of employment, paid statutory holidays, 3 weeks’ vacation and 7 sick days, RRSP Match, tuition reimbursement program eligibility and more...