Job Description
Employment Type: Full time
Shift:
Description:
Open to Remote locations

Trinity Health penetration testers perform security tests on networks, web-based applications, and computer systems. They design these tests and tools to try to break into security-protected applications and networks to probe for vulnerabilities.

In this role, you'll be providing advanced knowledge, concepts, and analytical skills in the area of Information Security to direct and support the management and administration of information security services in one or more specific information security domains, which includes:
- Risk Assessments (Projects or Programs)
- Data Loss Prevention
- User Access Reviews
- Regulatory Compliance; i.e. PCI
- Security Reporting Tracking
- Vulnerability Scanning & Mitigation
- eDiscovery and Forensics
- Incident Response Coordination
- Communications and Awareness

Highly desired skills include:
- Advanced computer skills
- Information security knowledge and experience
- Scripting and Programming
- Reporting and Writing
- Problem Solving Skills

Qualifying Certifications:
- Burp Suite Certified Practitioner (BSCP)
- Practical Network Penetration Tester (PNPT)
- Offensive Security Certified Professional (OSCP)
- Offensive Security Web Expert (OSWE)
- eLearnSecurity Junior Penetration Tester (eJPT)
- eLearnSecurity Certified Professional Penetration Tester (eCPPT)
- Certified Penetration Tester (CWAPT)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Penetration Tester (GPEN)

In this role, a candidate will be expected to perform enterprise and system focused network and application penetration test engagements. Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and peers. Apply security testing and penetration testing techniques and mindset to a wide range of projects. Represent Enterprise Information Security on IT standards and review committees. Acts as an advocate and resource on information security for various teams, areas and/or system-wide initiatives.

ESSENTIAL FUNCTIONS
- Knows, understands, incorporates and demonstrates the Trinity Health Mission, Vision and Values in behaviors, practices and decisions.
- Develops, designs and operates one or more information security domains.
- Provides technical consultation and assistance in identifying, evaluating and documenting use of systems and other related services to ensure compliance with EIS policies.
- Independently perform web, mobile, and thick application penetration tests.
- Perform security reviews of application designs, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS).
- Apply offensive cybersecurity testing techniques, coordinate testing projects with internal and external systems.
- Reports the nature of identified cyber security risks and recommends risk mitigation measures to improve the cyber security posture of the enterprise.
- Participate in Security Assessments of networks, systems and applications.
- Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.
- Participates in site-specific meetings.
- Participates in the creation of the development and implementation of annual objectives and tactical plans to achieve strategic planning initiatives.
- Monitors or enforces security policies, procedures and standards to ensure conformance with TIS objectives.
- Other duties as needed and assigned by the manager.
- Maintains a working knowledge of applicable Federal, State, and local laws and regulations, Trinity Health's Organizational Integrity Program, Standards of Conduct, as well as other policies and procedures in order to ensure adherence in a manner that reflects honest, ethical, and professional behavior.
- Ensures all projects and services meet Trinity Health Information security and regulatory standards, policies and procedures while delivering business requirements.

Pay grade 15, range 98,240.28-147,360.42. Actual compensation will fall within the range but may vary based on factors such as experience, qualifications, education, location, licensure, certification requirements, and comparisons to colleagues in similar roles.

MINIMUM QUALIFICATIONS
- Bachelor's degree or an equivalent combination of education and experience.
- Minimum of two (2) to five (5) years of Penetration Testing, and/or progressive experience tied to IT security, operations, development with a focus on securing IT environments/infrastructure.
- In-depth knowledge and experience with penetration testing.
- Expected to test and analyze security functions for malware, design weaknesses, technical flaws, and system vulnerabilities.
- Certification(s) in one or more of the following: GPEN, GXPN, OSCP, OSWE, OSCE, eJPT, eCPPT, eCPTX, PNPT, Burp Suite Certified Practitioner would be ideal.
- Experience in reconnaissance (network & system), exploitation, and lateral movement (post exploitation activities), Wi-Fi, malware, packet analysi