Principal Penetration Tester, Information Security

We are seeking a highly skilled and experienced Lead Penetration Tester to join our security team. This role is an Individual Contributor position, where you will be responsible for performing advanced penetration tests on applications and infrastructure, including reverse engineering or exploit development. You will work closely with the Architecture, Software Engineering, Platform Engineering and Quality Engineering teams to identify vulnerabilities, assess risks and recommend effective mitigation strategies.

WHAT YOU WILL BE DOING

• Conduct Advanced Penetration Testing: Perform in depth penetration testing on web applications, APIs and cloud infrastructure to identify security vulnerabilities.
• Vulnerability Assessment: Evaluate and analyze security vulnerabilities within applications and infrastructure and prioritize findings based on risk and impact.
• Reporting and Documentation: Prepare detailed and comprehensive reports outlining findings, potential impact and recommended remediation steps. Communicate these reports effectively to technical and nontechnical stakeholders.
• Remediation Support: Collaborate with different stakeholders to provide guidance and support in the remediation of identified vulnerabilities.
• Security Tools & Automation: Utilize industry standard tools (e.g., Burp Suite, Metasploit, Nmap, Kali tools etc) and develop custom scripts or tools to enhance penetration testing capabilities. Automate repetitive testing tasks where possible.
• Threat Modeling: Participate in threat modeling exercises to assess potential security risks during the design phase of applications and infrastructure.
• Compliance & Standards: Ensure that penetration testing activities are aligned with relevant industry standards and compliance requirements, such as OWASP, NIST and ISO 27001.
• Risk-Based Mitigation Recommendations: Propose targeted mitigation steps for identified risks and threats, ensuring that recommendations are aligned with the application's risk profile, business context and the results of security assessments. Communicate these recommendations clearly to stakeholders, balancing security needs with business objectives to support informed decision-making and effective risk management.
• Mentorship: Provide guidance and mentorship to junior penetration testers, fostering a culture of continuous learning and professional growth.

WHAT YOU BRING

• Qualifications:
• Education: Bachelor’s degree in Computer Science, Information Security
• Relevant certifications (e.g., OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWE, etc CISSP is a plus) are highly desirable.
• Experience: 
• Minimum 7-10 years of hands on experience in penetration testing of Applications, API, Thick Client and cloud infrastructure. 
• Proven track record of identifying and mitigating security vulnerabilities in complex environments. 
• Handson experience with reverse engineering or exploit development.
• Applications Development & Delivery, Secure SDLC
• Technical Skills:
• Expertise in penetration testing tools and techniques
• Strong understanding of network protocols, operating systems (Windows, Linux) and cloud environments AWS & Azure
• Experience with automation, scripting (Python, Go, Shell, Bash, etc.) for custom testing
• In Depth knowledge of secure coding practices

Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work that directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer, and we welcome everyone to our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.