Security Engineer - Penetration (Pen) Tester

Boulder, Colorado, United States

Invitae logo
Invitae
Apply now Apply later

Posted 1 month ago

Invitae is dedicated to bringing comprehensive genetic information into mainstream medicine to improve healthcare for billions of people. Our team is driven to make a difference for the patients we serve. We are leading the transformation of the genetics industry by making genetic testing affordable and accessible for everyone to guide health decisions across all stages of life.   POSITION SUMMARY: The Security Engineer - Penetration Tester has a broad scope of responsibilities ranging from testing a variety of ArcherDX’s flagship cloud-based genomics products, relaying findings to owners and information security teams, and helping to drive overall improvements to ArcherDX’s security posture.  This position will have a special focus on penetration testing, uncovering the security vulnerabilities, and working with the appropriate product owners to help mitigate vulnerabilities.   We are looking for a smart, passionate, and experienced Penetration Tester with a broad range of experience working in dynamic enterprise environments.   RESPONSIBILITIES: Job performance will involve a variety of activities including:
  • Prioritize, lead, and perform advanced penetration testing for network, web applications, business application, and cloud infrastructure. 
  • Guide the team in the development of technical frameworks, tools and execution of pen tests
  • Conduct red team assessments and adversary emulation engagements to support the organizations risk management program.
  • Coordinate and execute “Purple teaming” exercises in collaboration with the Security Operations team 
  • Collaborate with 3rd parties including consulting firms and security researchers on coordinating assessments, validating vulnerability reports/findings and influencing remediation
  • Build processes to coordinate pentests and establish remediation cadence cross-functions
  • Scope and deliver security testing engagements on-time within stakeholder requirements and organizational needs
  • Work closely with the Information Security team and Software Development teams in securing product software and network assets
  • Provide technical reviews of deliverables, results and internal documentation
  • Evaluate remediation suggestions and provide consultative support with implementation f remediation steps, standards, and best practices where needed, 
EXPERIENCE:
  • At least 2 years’ experience in an IT or security function, with at least 1 year of hands-on experience in a penetration testing role 
  • Experience with Python, PowerShell, or similar scripting language
  • Experience using industry standard offensive security tools
  • You have proven experience pen testing in web applications, network, wifi and cloud computing solution (AWS, GCP, Kubernetes/Docker) 
  • You have a proficiency with enterprise operating systems, including Linux and Windows
  • You have practical experience with assessing encryption, IAM systems, VPN and authentication technologies
  • Strong familiarity with at least one of the following: OWASP Top 10, PTES, or NSA Vulnerability and Penetration Testing Standards 
  • Experience facilitating penetration testing efforts in one or more of the following Compliance frameworks (FedRAMP, PCI, SOCII, HIPAA)
  • Experience with API penetration testing 
  • Experience with containerization offensive techniques
KEY ATTRIBUTES:
  • Drive and determination
  • Ability to work in a fast paced and dynamic environment
  • Ability to participate with others as a member of the team to ensure that demanding and difficult projects are handled smoothly and cooperatively to enhance the success of the projects and maintain strong relationships within all parts of the company.
  • Strong communication and presentation skills
  • Self-starter
    • Driven to perform
    • Self-directed: needs little explicit direction 
    • Able to organize, prioritize, and delegate tasks to efficiently move projects forward. 
EDUCATION:   
  •  BS (or equivalent) in Cyber security, Information Security, IT, EE, Network Engineering, Computer Science, or related field

Invitae offers a competitive total rewards package, which includes healthcare coverage, 401k, and a broad range of other benefits, outlined below:
Health, dental, vision, short- and long-term disability, and basic life insurance coverage
Paid time off, holiday pay, parental leave, and other health and wellness supports

Expected Pay Rate in Colorado: $69,000
Compensation for the role will depend on a number of factors, including a candidate’s geographic location, qualifications, skills, competencies and experience and may fall outside of the range shown.

At Invitae, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

Job tags: AWS Compliance Docker Encryption FedRAMP HIPAA Kubernetes Linux Offensive Security PCI Penetration Tester Penetration testing Pen testing PowerShell Python Red team Risk management Vulnerabilities Windows
Job region(s): North America
Job stats:  20  2  0
Share this job: