Senior Cybersecurity Engineer - Penetration Tester

About the position

JOIN TARGET CYBERSECURITY AS A SENIOR ENGINEER - PENETRATION TESTER. About Us Target is an iconic brand, a Fortune 50 company and one of America’s leading retailers. Target as a tech company? Absolutely. We’re the behind-the-scenes powerhouse that fuels Target’s passion and commitment to cutting-edge innovation. We anchor every facet of one of the world’s best-loved retailers with a strong technology framework that relies on the latest tools and technologies—and the brightest people—to deliver incredible value to guests online and in stores. Target Technology Services is on a mission to offer the systems, tools and support that guests and team members need and deserve. Our high-performing teams balance independence with collaboration, and we pride ourselves on being versatile, agile and creative. We drive industry-leading technologies in support of every angle of the business, and help ensure that Target operates smoothly, securely and reliably from the inside out. Attention: This role is defined as hybrid in Minneapolis, MN. The candidate selected for this role must reside in Minneapolis or the surrounding area. Relocation packages are available if you currently do not live in the required area for this role. Residing in Minneapolis or the surrounding area is a requirement for the role and is not negotiable.

Responsibilities

• Perform penetration testing against Target-developed applications and scoped PCI assets.
• Manage the entire lifecycle of penetration testing from discovery, triage, testing, and validation of findings.
• Identify and report security vulnerabilities in web applications, APIs, networks, and enterprise systems.
• Provide clear, well-written assessments and findings with clearly defined business impact.
• Consult with Target Tech and Security partner teams to explain findings, address security concerns, and provide guidance.
• Support mentorship and knowledge sharing within the team.
• Triage Bug Bounty program reports and escalate high and critical security issues with partner teams.
• Engage in threat model activities and provide domain expertise to best support identifying threats.
• Provide technical oversight and coach others to resolve complex technical issues.
• Advocate for team penetration testing and bug bounty program process and tool improvements.

Requirements

• 4-year degree or equivalent experience.
• 5+ years of penetration testing experience.
• Demonstrates strong domain-specific knowledge regarding penetration testing and web application security testing.
• Advanced knowledge of Burp Suite and other security tools (nmap, nuclei, etc).
• Ability to work independently and collaborate with teams effectively.
• Strong time management and ability to meet deadlines.
• Ability to prioritize impactful findings.
• Experience working with Mac, Windows, and Linux.
• Strong verbal and written communication skills - clearly communicates security concepts to leadership and partners within product team.
• Demonstrates a solid understanding of the impact of own work on the team and/or guests.
• Ability to automate and script tasks using preferred language (GoLang, Python, etc).
• Strong problem-solving and critical-thinking skills.
• Passionate about mentorship and knowledge-sharing.
• Stays current with new and evolving technologies via formal training and self-directed education.

Benefits

• Comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more.
• 401(k).
• Employee discount.
• Short term disability.
• Long term disability.
• Paid sick leave.
• Paid national holidays.
• Paid vacation.