Systems Engineer III, Cybersecurity Penetration Tester

About the position The Systems Engineer III, Cybersecurity Penetration Tester, is responsible for planning, executing, and leading complex security assessments across a variety of environments. Responsibilities • Plan, execute, and lead complex penetration tests, including internal, external, web application, network, mobile, IoT, API, social engineering, and cloud (e.g., AWS, Azure) assessments. • Perform red team engagements to simulate attacks and advanced persistent threats, highlighting gaps in security controls; some travel and on-site engagements required. • Identify, exploit, and document vulnerabilities using manual and automated techniques, adhering to methodologies and frameworks like OWASP Top 10, PTES, and MITRE ATT&CK. • Analyze testing results, assess risks, and produce detailed reports with findings, exploitation procedures, risk ratings, and actionable remediation recommendations. • Collaborate with client development, IT, and security teams to validate fixes, retest vulnerabilities, and improve overall security practices. • Mentor junior penetration testers, provide training on tools and techniques, demonstrate continuous learning, and contribute to team knowledge sharing. • Develop or customize scripts, tools, and methodologies to enhance testing efficiency and coverage. • Stay current with emerging threats, vulnerabilities, exploits, and offensive security trends. • Communicate technical findings clearly to non-technical stakeholders, including senior management. Requirements • Bachelor's degree in computer science, Information Security, Cybersecurity, or related field (or equivalent experience). • Five (5) or more years of hands-on experience in penetration testing or ethical hacking, preferably in enterprise or regulated environments. • Advanced security-related industry certifications (e.g., OSCP, GPEN) required. • Advanced proficiency with tools such as Burp Suite, Nmap, Metasploit, Nessus, Kali Linux, Wireshark, Social Engineering Toolkit, and cloud-specific testing frameworks. • Thorough understanding of Adversary TTPs and ability to emulate them in assessments. • Strong knowledge of network protocols, operating systems (Windows, Linux), web technologies, and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). • Experience in red teaming, vulnerability assessment, and reporting. • Excellent problem-solving, analytical, and communication skills (written and verbal). • Ability to work independently and lead engagements while collaborating in a team environment. • Proficient in exploit development and scripting languages such as Python, Ruby, Go, etc. Nice-to-haves • Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), or other relevant certifications (OSCE, GXPN, CEH, or equivalent). Benefits • Flexible paid time off • 5% 401K matching program • Equity opportunities • Incentive and bonus programs • Up to 16 weeks of paid parental leave • Flexible spending accounts • Full-health benefits with base employee coverage fully funded, comprising: • Medical, dental, and vision coverage • Life insurance • Short and long-term disability coverage • Income protection benefits Apply tot his job