Senior Cybersecurity Engineer - Penetration Tester

About the position

JOIN TARGET CYBERSECURITY AS A SENIOR ENGINEER - PENETRATION TESTER. Target is an iconic brand, a Fortune 50 company and one of America's leading retailers. Target as a tech company? Absolutely. We're the behind-the-scenes powerhouse that fuels Target's passion and commitment to cutting-edge innovation. We anchor every facet of one of the world's best-loved retailers with a strong technology framework that relies on the latest tools and technologies-and the brightest people-to deliver incredible value to guests online and in stores. Target Technology Services is on a mission to offer the systems, tools and support that guests and team members need and deserve. Our high-performing teams balance independence with collaboration, and we pride ourselves on being versatile, agile and creative. We drive industry-leading technologies in support of every angle of the business, and help ensure that Target operates smoothly, securely and reliably from the inside out. As a Senior Engineer Penetration Tester on the Security Testing Services team, you help our team mission of protecting Target's guests by leveraging deep context of our environment, strong partnerships, and relentless curiosity as we drive industry-leading pentesting at scale. Our team values are collaboration, respect, being highly adaptive, and purposeful with our work. Our team of in-house penetration testers are conducting a variety of tests but are mainly focused on large comprehensive evaluation of our key Target business functions and processes along with PCI required testing. You'll be in direct contact with teams in a variety of business portfolios, giving you first-hand knowledge of how Target operates.

Responsibilities

• Perform penetration testing against our Target-developed applications, and our scoped PCI assets
• Manage the entire lifecycle of penetration testing from discovery, triage, testing, and validation of findings
• Identify and report security vulnerabilities in web applications, APIs, networks, and enterprise systems
• Provide clear, well-written assessments and findings with clearly defined business impact
• Consult with Target Tech and Security partner teams to explain findings, address security concerns, and provide guidance
• Support mentorship and knowledge sharing within the team
• Triage Bug Bounty program reports and escalate high and critical security issues with our partner teams
• Engage in threat model activities and provide domain expertise to best support identifying threats
• Provide technical oversight and coach others to resolve complex technical issues
• Advocate for team penetration testing and bug bounty program process and tool improvements

Requirements

• 4-year degree or equivalent experience
• 5+ years of penetration testing experience
• Demonstrates strong domain-specific knowledge regarding penetration testing and web application security testing
• Advanced knowledge of Burp Suite and other security tools (nmap, nuclei, etc)
• Ability to work independently and collaborate with teams effectively
• Strong time management and ability to meet deadlines
• Ability to prioritize impactful findings
• Experience working with Mac, Windows, and Linux
• Builds strong commitment within the team to support the appropriate team priorities
• Strong verbal and written communication skills - clearly communicates security concepts to leadership and partners within product team
• Demonstrates a solid understanding of the impact of own work on the team and/or guests
• Ability to automate and script tasks using preferred language (GoLang, Python, etc)
• Strong problem-solving and critical-thinking skills
• Passionate about mentorship and knowledge-sharing
• Stays current with new and evolving technologies via formal training and self-directed education

Benefits

• Comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more
• 401(k)
• Employee discount
• Short term disability
• Long term disability
• Paid sick leave
• Paid national holidays
• Paid vacation