Senior Security Engineer - Penetration Testing

$83,430 - $222,480/Yr

CVS Health - Cheyenne, WY

posted 25 days ago

Full-time - Mid Level
Cheyenne, WY
Health and Personal Care Retailers

About the position

The Senior Security Engineer - Penetration Testing at CVS Health is responsible for conducting advanced penetration tests on various platforms, including web applications, mobile applications, network infrastructure, and cloud environments. This role is part of the enterprise penetration testing team within the Cyber Defense function, aimed at strengthening the security of CVS's application and network assets. The engineer will also develop methodologies, collaborate with other teams, and stay updated on cybersecurity trends to enhance the organization's security posture.

Responsibilities

  • Conduct advanced penetration tests on web applications, mobile applications, network infrastructure, and cloud environments.
  • Assist in scoping, executing, and peer reviewing penetration testing engagements.
  • Safely use various penetration testing tools and emulate hacker tactics when appropriate.
  • Develop scripts, tools, or methodologies to enhance CVS's penetration testing processes.
  • Create comprehensive and accurate reports and presentations for various stakeholders.
  • Stay updated with the latest cybersecurity threats, vulnerabilities, and trends.
  • Collaborate with other Cyber Defense teams to improve detection capabilities.

Requirements

  • 5+ years of overall experience with at least 3 years of hands-on experience in penetration testing applications and networks.
  • One or more offensive security certifications such as OSCP, OSCE, OSWE, GMOB, GPEN or equivalent.
  • Experience with cloud environments (GCP, Azure, AWS), web and mobile applications.
  • Deep understanding of network protocols, operating systems, and application technologies.
  • Strong knowledge of tools used for wireless, web application, and network security testing.
  • Good understanding of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell.
  • Shell scripting or automation of simple tasks using Perl, Python, or Ruby.
  • Demonstrated ability to work independently or as part of a team.
  • Team player comfortable working in a dynamic environment.
  • Self-starter and capable individual contributor.
  • Ability to document and explain technical details to both technical & non-technical stakeholders.

Nice-to-haves

  • In-depth penetration testing of iOS and Android mobile applications.
  • Background in software development, system, and network administration.
  • Strong understanding of enterprise architecture and authentication mechanisms.
  • Good understanding of methods to secure microservices and APIs.
  • Strong understanding of networking, systems, and storage concepts in Cloud environments (AWS, Azure, GCP) preferred.
  • Knowledge of programming languages/scripting tools including Python, Shell scripts for penetration testing.
  • Advanced knowledge of penetration testing methodologies, tools, and frameworks such as Kali, Metasploit, Burp, Frida, and others.
  • Demonstrated ability to design, execute, and manage complex red team operations, including network exploitation and social engineering.
  • Experience bypassing modern defense mechanisms (EDR, SIEM, firewalls, etc.) and deep knowledge of adversary tactics (e.g., MITRE ATT&CK).

Benefits

  • Full range of medical, dental, and vision benefits.
  • 401(k) retirement savings plan.
  • Employee Stock Purchase Plan.
  • Fully-paid term life insurance plan.
  • Short-term and long-term disability benefits.
  • Well-being programs and education assistance.
  • Free development courses.
  • CVS store discount and discount programs with participating partners.
  • Paid Time Off (PTO) and paid holidays throughout the calendar year.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service