Penetration Tester

Who Are We?  
We’re not just a company; we’re a global force. Fiercely committed to ensuring that everyone, everywhere, can live their lives digitally safe. Our family of brands – Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner – unite the brightest minds, the sharpest tech, and the most diverse thinking to protect over 500 million people. And we’ve built an inclusive workplace, where your well-being is a priority because true success comes from a place of balance and authenticity. When you're thriving, you’re unstoppable. So, bring us your bold ideas and passion that refuses to quit. The digital world isn’t some distant reality – it's the world we live in, and we’re ready for it. If you’re ready to push boundaries and be part of something bigger, join #TeamGen.

 
How We Work? 
Our hybrid work model (3 days in the office) gives us the face-to-face time to have creative conversations, meaningful meetings, make quick decisions and build relationships. At the same time, it offers flexibility you need to focus and do your best work

Mission and Goals
A senior member of the Gen Red Team will play a crucial role in securing our digital assets by actively hunting for and identifying threats and vulnerabilities that are not detected by traditional scanning methods. You will be responsible for end-end application penetration testing and for conducting sophisticated adversarial simulations (Red Teaming) to continuously enhance Gen's cyber resilience against advanced attacks.

The ideal candidate will have a strong background in both information security and computer science, with a deep understanding of core concepts such as networking, application security, and operating system functionalities. Additionally, you should have the ability to learn and apply advanced techniques like application manipulation, exploit development, and stealthy operations.

Objectives

• Conduct network penetration, web, mobile, business application testing, source code reviews, and threat analysis.

• Lead Red and Purple Team exercises to improve defensive capabilities.

• Lead and execute penetration tests aligned with regulatory standards, specifically focusing on FTC and PCI compliance.

• Perform wireless network assessments, AI-driven system testing, and physical security assessments.

• Create comprehensive reports and presentations tailored for technical and executive audiences.

• Effectively communicate security findings and remediation strategies to technical teams, executive leadership, and legal counsel.

• Utilize attacker tools, tactics, and procedures (TTPs) safely in testing environments.

• Develop scripts, tools, and methodologies to enhance the red teaming and penetration testing processes.

Competencies

• 5+ years of penetration testing or related security experience.

• Expertise in at least three of the following:

  • Network penetration testing and manipulation of network infrastructure.

  • Web, mobile, and/or desktop application assessments.

  • Social engineering assessments (email, phone, or physical).

  • Automation or scripting using Perl, Python, Ruby, or similar languages.

  • Exploit development or modifying shellcode and existing exploit tools.

  • Application development in C#, ASP.NET, Objective C, or Java (J2EE).

  • Reverse engineering malware, data obfuscation, or cryptographic systems.

  • Regulatory penetration testing, particularly focusing on FTC and PCI compliance standards.

  • Source code review for control flow and security vulnerabilities.

• Strong knowledge of operating systems and network protocols.

• Proficiency with tools such as Burp Suite, Checkmarx, Snyk, Wireshark, Fiddler, and Wiz.

• Ethical approach to security and business operations.

• Fluency in written and spoken English (B2 level or higher).

• Familiarity with Kali Linux and security frameworks like MITRE ATT&CK.

• Desire to continuously learn new techniques and attack vectors.

Preferred Skills:

• Experience with wireless, web application, and network security testing tools.

• Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels.

• Basic understanding of AI and machine learning security, including adversarial attacks, model poisoning and secure deployment of AI systems.

• Working knowledge of Unix/Linux/Mac/Windows operating systems, including scripting in Bash and Powershell.

• Experience with security controls in AWS, GCP, and Azure cloud environments.

• Understanding of security principles like defense-in-depth and security architectures.

• Experience in guiding and mentoring junior team members, with a focus on developing technical skills and expertise.

• Industry certifications like OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CEH or equivalent are highly desirable.

Gen is proud to be an equal-opportunity employer, committed to diversity and inclusivity. We base employment decisions on merit, experience, and business needs, without considering race, color, national origin, age, religion, sex, pregnancy, genetic information, disability, medical condition, marital status, sexual orientation, gender identity or expression, military or veteran status, or other unlawful factors. Gen prohibits discrimination based on these protected characteristics and recruits talented candidates from diverse backgrounds.

We consider individuals with arrest and conviction records and do not discriminate against employees for discussing their own pay or that of other employees or applicants. Learn more about pay transparency. 

To conform to U.S. export control regulations, applicant should be eligible for any required authorizations from the U.S. Government.