Penetration Tester (REMOTE)

About the position Trinity Health penetration testers perform security tests on networks, web-based applications, and computer systems. They design these tests and tools to try to break into security-protected applications and networks to probe for vulnerabilities. In this role, you'll be providing advanced knowledge, concepts, and analytical skills in the area of Information Security to direct and support the management and administration of information security services in one or more specific information security domains, which includes: Risk Assessments (Projects or Programs), Data Loss Prevention, User Access Reviews, Regulatory Compliance; i.e. PCI, Security Reporting Tracking, Vulnerability Scanning & Mitigation, eDiscovery and Forensics, Incident Response Coordination, Communications and Awareness. In this role, a candidate will be expected to perform enterprise and system focused network and application penetration test engagements. Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and peers. Apply security testing and penetration testing techniques and mindset to a wide range of projects. Represent Enterprise Information Security on IT standards and review committees. Acts as an advocate and resource on information security for various teams, areas and/or system-wide initiatives. Ensures all projects and services meet Trinity Health Information security and regulatory standards, policies and procedures while delivering business requirements.

Responsibilities

• Develops designs and operates one or more information security domains.
• Provides technical consultation and assistance in identifying, evaluating and documenting use of systems and other related services to ensure compliance with EIS policies.
• Independently perform web, mobile, and thick application penetration tests.
• Perform security reviews of application designs, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS).
• Apply offensive cybersecurity testing techniques, coordinate testing projects with internal and external systems.
• Reports the nature of identified cyber security risks and recommends risk mitigation measures to improve the cyber security posture of the enterprise.
• Participate in Security Assessments of networks, systems and applications.
• Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
• Participates in site-specific meetings.
• Participates in the creation of the development and implementation of annual objectives and tactical plans to achieve strategic planning initiatives.
• Monitors or enforces security policies, procedures and standards to ensure conformance with TIS objectives.
• Other duties as needed and assigned by the manager.
• Maintains a working knowledge of applicable Federal, State, and local laws and regulations, Trinity Health’s Organizational Integrity Program, Standards of Conduct, as well as other policies and procedures in order to ensure adherence in a manner that reflects honest, ethical, and professional behavior.

Requirements

• Bachelor’s degree or an equivalent combination of education and experience.
• Minimum of two (2) to five (5) years of Penetration Testing, and or progressive experience tied to IT security, operations, development with a focus on securing IT environments/infrastructure.
• In-depth knowledge and experience with penetration testing.
• Expected to test and analyze security functions for malware, design weaknesses, technical flaws, and system vulnerabilities.
• Experience in reconnaissance (network & system), exploitation, and lateral movement (post exploitation activities), Wi-Fi, malware, packet analysis, reverse engineering.
• Demonstrates proven extensive knowledge of application security, network segregation, access controls, IDS/IPS devices, cryptography, physical security, and information security risk management.
• Experience with tools such as Burpsuite, Kali Linux, NMAP, AttackForge, Jira, and Git.
• Demonstrates knowledge of Networking protocols, TCP/IP stack, systems architecture, and operating systems.
• Demonstrates knowledge of common programming and scripting languages, such as Python, PowerShell, Ruby, or Bash.
• Cybersecurity frameworks and methodologies from industry-leading practices such as NIST, FFIEC, and OWASP.
• Must be team oriented, supportive, and committed to excellence and possess high level of initiative and self-motivation with demonstrated work ethic.
• Must be committed to continual personal and professional growth, possess a pro-active approach with a willingness to “go the extra mile” every time for the customer.
• Must be comfortable operating in a collaborative, shared leadership environment.
• Must possess a personal presence that is characterized by a sense of honesty, integrity, and caring with t