We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable.
How you can make a difference
We are seeking a highly skilled Principal Penetration Tester to join our cybersecurity team. This role involves proactive identification and mitigation of vulnerabilities in our customer-facing SaaS applications. The ideal candidate will have extensive experience in penetration testing, particularly in web-based applications, and a strong understanding of offensive security techniques.
What you’ll be doing
- Lead Penetration Testing: Perform thorough penetration testing on applications, networks, systems, and infrastructure. Simulate real-world attacks to identify vulnerabilities and risks.
- Security Assessments: Conduct risk assessments and vulnerability analysis, providing detailed reports that outline findings, severity, and remediation recommendations.
- Red Team Engagements: Lead and participate in advanced Red Team exercises to test an organization’s security readiness against sophisticated attacks.
- Tool Development: Build, modify, and customize tools/scripts for specific penetration testing scenarios.
- Reporting and Documentation: Generate comprehensive reports that explain the vulnerabilities found, their potential impact, and recommended remediation strategies.
- Collaboration: Work closely with IT, development, and operations teams to communicate vulnerabilities and guide remediation efforts.
- Research and Development: Stay up-to-date on the latest threats, vulnerabilities, and security technologies. Continuously research new attack techniques and defense strategies.
- Mentorship: Mentor junior team members, providing guidance and sharing knowledge of best practices and cutting-edge techniques.
- Continue to formally document HealthEquity’s layered security model and build out current and future state security models.
- Foster a working environment that is conducive to two-way communication, teamwork and learning.
What you will need to be successful
- Proven experience in penetration testing, particularly on SaaS applications.
- Familiarity with tools such as Burp Suite and Metasploit, and with the OWASP Top 10.
- Strong understanding of web application security and common vulnerabilities.
- Ability to think like an attacker and approach testing with a black box mentality.
- Ability to chain multiple exploits together to demonstrate complex attack scenarios.
- Excellent problem-solving skills and attention to detail.
- Strong communication skills, with the ability to explain complex security issues to non-technical stakeholders.
This is a remote position.