Employment Type:
Full time
Shift:
Description:
Open to Remote locations
Trinity Health penetration testers perform security tests on networks, web-based applications, and computer systems. They design these tests and tools to try to break into security-protected applications and networks to probe for vulnerabilities. In this role, you'll be providing advanced knowledge, concepts, and analytical skills in the area of Information Security to direct and support the management and administration of information security services in one or more specific information security domains, which includes:
• Risk Assessments (Projects or Programs)
• Data Loss Prevention
• User Access Reviews
• Regulatory Compliance; i.e. PCI
• Security Reporting Tracking
• Vulnerability Scanning & Mitigation
• eDiscovery and Forensics
• Incident Response Coordination
• Communications and Awareness
Highly desired skills include:
- Advanced computer skills
- Information security knowledge and experience
- Scripting and Programming
- Reporting and Writing
- Problem Solving Skills
Qualifying Certifications:
Burp Suite Certified Practitioner (BSCP)
Practical Network Penetration Tester (PNPT)
Offensive Security Certified Professional (OSCP)
Offensive Security Web Expert (OSWE)
eLearnSecurity Junior Penetration Tester (eJPT)
eLearnSecurity Certified Professional Penetration Tester (eCPPT)
Certified Penetration Tester (CWAPT)
GIAC Web Application Penetration Tester (GWAPT)
GIAC Penetration Tester (GPEN)
In this role, a candidate will be expected to perform enterprise- and system-focused network and application penetration test engagements. Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and peers. Apply security testing and penetration testing techniques and mindset to a wide range of projects. Represent Enterprise Information Security on IT standards and review committees. Act as an advocate and resource on information security for various teams, areas and/or system-wide initiatives.
ESSENTIAL FUNCTIONS
- Knows, understands, incorporates and demonstrates the Trinity Health Mission, Vision and Values in behaviors, practices and decisions.
- Develops, designs and operates one or more information security domains. Provides technical consultation and assistance in identifying, evaluating and documenting use of systems and other related services to ensure compliance with EIS policies.
- Independently perform web, mobile, and thick application penetration tests.
- Perform security reviews of application designs, covering all types of applications (web applications, web services, mobile applications, thick client applications, SaaS).
- Apply offensive cybersecurity testing techniques and coordinate testing projects with internal and external systems.
- Reports the nature of identified cyber security risks and recommends risk mitigation measures to improve the cyber security posture of the enterprise.
- Participate in Security Assessments of networks, systems and applications.
- Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
- Participates in site-specific meetings. Participates in the development and implementation of annual objectives and tactical plans to achieve strategic planning initiatives. Monitors or enforces security policies, procedures and standards to ensure conformance with TIS objectives.
- Other duties as needed and assigned by the manager.
- Maintains a working knowledge of applicable Federal, State, and local laws and regulations, Trinity Health’s Organizational Integrity Program, Standards of Conduct, as well as other policies and procedures in order to ensure adherence in a manner that reflects honest, ethical, and professional behavior.
- Ensures all projects and services meet Trinity Health Information security and regulatory standards, policies and procedures while delivering business requirements.
- Pay grade 15, range 98,240.28-147,360.42. Actual compensation will fall within the range but may vary based on factors such as experience, qualifications, education, location, licensure, certification requirements, and comparisons to colleagues in similar roles.
MINIMUM QUALIFICATIONS
- Bachelor’s degree or an equivalent combination of education and experience.
- Minimum of two (2) to five (5) years of Penetration Testing and/or progressive experience tied to IT security, operations, development with a focus on securing IT environments/infrastructure.
- In-depth knowledge and experience with penetration testing. Expected to test and analyze security functions for malware, design weaknesses, technical flaws, and system vulnerabilities.
- Certification(s) in one or more of the following: GPEN, GXPN, OSCP, OSWE, OSCE, eJPT, eCPPT, eCPTX, PNPT, Burp Suite Certified Practitioner would be ideal.
- Experience in reconnaissance (network & system), exploitation, and lateral movement (post exploitation activities), Wi-Fi, malware, packet analysis, reverse engineering.
- Demonstrates proven extensive knowledge of application security, network segregation, access controls, IDS/IPS devices, cryptography, physical security, and information security risk management.
- Experience with tools such as Burp Suite, Kali Linux, Nmap, AttackForge, Jira, and Git.
- Demonstrates knowledge of Networking protocols, TCP/IP stack, systems architecture, and operating systems.
- Demonstrates knowledge of common programming and scripting languages, such as Python, PowerShell, Ruby, or Bash.
- Cybersecurity frameworks and methodologies from industry-leading practices such as NIST, FFIEC, and OWASP.
- Must be team oriented, supportive, and committed to excellence and possess a high level of initiative and self-motivation with demonstrated work ethic.
- Must be committed to continual personal and professional growth, possess a proactive approach with a willingness to “go the extra mile” every time for the customer.
- Must be comfortable operating in a collaborative, shared leadership environment.
- Must possess a personal presence that is characterized by a sense of honesty, integrity, and caring with the ability to inspire and motivate others.
PHYSICAL AND MENTAL REQUIREMENTS AND WORKING CONDITIONS
- This position operates in a typical office environment. The area is well lit, temperature-controlled and free from hazards.
- Incumbent communicates frequently, in person and over the telephone, with people in a number of different locations on technical issues.
- Manual dexterity is needed in order to operate a keyboard. Hearing is needed for extensive telephone and in person communications.
- The environment in which the incumbent will work requires the ability to concentrate, meet deadlines, work on several projects at the same time and adapt to interruptions.
- The incumbent must be capable of traveling in the course of completing project assignments.
- Must be available for on-call rotations to support 24x7x365 service availability.
- Must be able to travel to the various Trinity Health sites (up to 20%) as needed (may or may not apply).
Our Commitment
Rooted in our Mission and Core Values, we honor the dignity of every person and recognize the unique perspectives, experiences, and talents each colleague brings. By finding common ground and embracing our differences, we grow stronger together and deliver more compassionate, person-centered care. We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other status protected by federal, state, or local law.