Security Engineer - Penetration (Pen) Tester
Boulder, Colorado, United States
- Prioritize, lead, and perform advanced penetration testing for network, web applications, business applications, and cloud infrastructure.
- Guide the team in the development of technical frameworks, tools and execution of pen tests
- Conduct red team assessments and adversary emulation engagements to support the organization's risk management program.
- Coordinate and execute “Purple teaming” exercises in collaboration with the Security Operations team
- Collaborate with 3rd parties including consulting firms and security researchers on coordinating assessments, validating vulnerability reports/findings and influencing remediation
- Build processes to coordinate pentests and establish remediation cadence across functions
- Scope and deliver security testing engagements on time within stakeholder requirements and organizational needs
- Work closely with the Information Security team and Software Development teams in securing product software and network assets
- Provide technical reviews of deliverables, results and internal documentation
- Evaluate remediation suggestions and provide consultative support with implementation of remediation steps, standards, and best practices where needed
- At least 2 years’ experience in an IT or security function, with at least 1 year of hands-on experience in a penetration testing role
- Experience with Python, PowerShell, or similar scripting language
- Experience using industry standard offensive security tools
- You have proven experience pen testing web applications, network, Wi-Fi, and cloud computing solutions (AWS, GCP, Kubernetes/Docker)
- You have a proficiency with enterprise operating systems, including Linux and Windows
- You have practical experience with assessing encryption, IAM systems, VPN and authentication technologies
- Strong familiarity with at least one of the following: OWASP Top 10, PTES, or NSA Vulnerability and Penetration Testing Standards
- Experience facilitating penetration testing efforts in one or more of the following compliance frameworks (FedRAMP, PCI, SOC 2, HIPAA)
- Experience with API penetration testing
- Experience with containerization offensive techniques
- Drive and determination
- Ability to work in a fast-paced and dynamic environment
- Ability to participate with others as a member of the team to ensure that demanding and difficult projects are handled smoothly and cooperatively to enhance the success of the projects and maintain strong relationships within all parts of the company.
- Strong communication and presentation skills
- Driven to perform
- Self-directed: needs little explicit direction
- Able to organize, prioritize, and delegate tasks to efficiently move projects forward.
- BS (or equivalent) in Cybersecurity, Information Security, IT, EE, Network Engineering, Computer Science, or related field
Invitae offers a competitive total rewards package, which includes healthcare coverage, 401k, and a broad range of other benefits, outlined below:
Health, dental, vision, short- and long-term disability, and basic life insurance coverage
Paid time off, holiday pay, parental leave, and other health and wellness supports
Expected Pay Rate in Colorado: $69,000
Compensation for the role will depend on a number of factors, including a candidate’s geographic location, qualifications, skills, competencies and experience and may fall outside of the range shown.
At Invitae, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.