Remote (Global) Full-time

Unknown Company is hiring a Senior Penetration Tester

About the Role

Humana is looking for a Senior Penetration Tester to enable secure and compliant business operations by performing application security-focused penetration tests. You will conduct comprehensive security assessments to identify vulnerabilities across our technology infrastructure and translate technical findings into actionable business risk recommendations.

What You'll Do

  • Lead moderate to complex penetration tests with autonomy and make recommendations to leadership.
  • Design and execute comprehensive penetration tests across web applications, network infrastructure, cloud environments, and mobile platforms.
  • Identify and document novel vulnerabilities in web applications, APIs, thick clients, Cloud, and AI/LLM/ML-powered applications.
  • Develop targeted test cases for specific technologies and environments not covered by standard approaches.
  • Draft comprehensive technical reports with clear risk assessments and actionable remediation guidance for technical and executive audiences.
  • Present findings to development teams, infrastructure groups, and business stakeholders.
  • Lead closing meetings with business stakeholders such as application owners, security teams, and information security offices.
  • Use independent judgment to prioritize findings based on business impact, exploitability, and organizational risk tolerance.
  • Maintain proficiency with current testing tools, exploit techniques, and emerging attack vectors with considerable autonomy.
  • Research and integrate new testing methodologies and develop custom tools when commercial solutions are insufficient.
  • Ensure assessments meet service level agreements, such as completing standard web application assessments within established timeframes.
  • Contribute technical expertise during consulting rotations and occasional 'lunch & learns'.
  • Deconflict alerts as requested by incident response and threat hunting teams.
  • Make recommendations regarding security testing approaches based on offensive security expertise and best industry practices.
  • Propose enhancements to testing methodologies, identify gaps in organizational security controls, and suggest new assessment approaches.
  • Occasionally collaborate with architecture and engineering teams as a consulted stakeholder.

What We're Looking For

  • Minimum 5 years of experience in penetration testing, ethical hacking, or offensive security operations.
  • Experience with enterprise security testing across network infrastructure, mobile and web applications, and cloud environments.
  • Advanced proficiency in scripting languages such as Python, PowerShell, Bash, or Ruby for automation and custom tool development.
  • Proficiency with industry-standard tools, including Burp Suite, Metasploit, Nmap, BloodHound, and custom exploitation frameworks.
  • Experience with major Cloud Service Providers, including AWS, Azure, and GCP security testing.
  • Strong understanding of network protocols, web application architectures, and enterprise security technologies.
  • Knowledge of regulatory compliance frameworks, particularly PCI DSS penetration testing requirements and methodologies.
  • Demonstrated ability to work autonomously on complex technical security assessments.
  • Excellent communication skills with experience in presenting technical findings to both technical and executive stakeholders.
  • Relevant industry certifications, including but not limited to: OSCP, OSWE, CPTS, CBBH, or equivalent advanced credentials.

Nice to Have

  • 7+ years of experience in advanced penetration testing or red team operations.
  • 7+ years of experience in Application Security-focused research and exploit development.
  • Expertise in Mobile application security testing (iOS/Android).
  • Experience performing Cloud (AWS, Azure, or GCP), Microsoft Active Directory, and Entra ID-focused security assessments.
  • Familiarity with AI/ML security testing, including LLM-powered applications, prompt injection attacks, and AI model security assessments.
  • Experience with security automation, CI/CD pipeline security testing, and DevSecOps practices.
  • Published research, blog posts, or speaking engagements at industry conferences such as DEF CON, BSides, Black Hat, or regional security conferences.
  • CWEE, OSCE3 certifications.

Technical Stack

  • Scripting: Python, PowerShell, Bash, Ruby
  • Tools: Burp Suite, Metasploit, Nmap, BloodHound
  • Cloud: AWS, Azure, GCP

Team & Environment

You will join a highly specialized offensive security team within Cyber Threat Simulation (CTS), collaborating with Red Team, Breach and Attack Simulation, and Bug Bounty professionals. You will report to an Associate Director of Penetration Testing.

Benefits & Compensation

  • Compensation range: $117,600 - $161,700 per year.
  • Access to Hack The Box Pro Labs, all HTB role-based training paths and certifications.
  • Discretionary certification funding and conference/training budgets.
  • Dedicated Fridays for research and development.
  • Medical, dental and vision benefits.
  • 401(k) retirement savings plan.
  • Time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave).
  • Short-term and long-term disability and life insurance.

Work Mode

This is a remote position.

Humana is an equal opportunity employer and does not discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability or protected veteran status.

Required Skills
Python, PowerShell, Bash, Ruby, Burp Suite, Metasploit, Nmap, BloodHound, AWS, Azure, Penetration Testing, Vulnerability Assessment, Threat Modeling, Security Frameworks, Scripting
Job Details
Category: security
Posted: 4 months ago