Senior Penetration Testing Engineer

Posted 10 Days Ago
Be an Early Applicant
New York, NY
122K-251K Annually
Senior level
Fintech • Financial Services
The Role
As a Senior Penetration Testing Engineer, you will conduct web application and network penetration tests, perform code reviews, execute security assessments, analyze vulnerabilities, and collaborate with cross-functional teams. You will create proof-of-concept exploits, coordinate security assessment deliverables, and stay updated on emerging threats while contributing to the development of automated security testing tools.
Summary Generated by Built In

“I can succeed as a Senior Penetration Testing Engineer at Capital Group”:

As the Senior Penetration Testing Engineer, you are an individual contributor in the Capital Group (CG) AppSec / Penetration Testing team. The CG AppSec team is part of Information Security in CG’s Information Technology Group. In the role you will be performing web application and network penetration tests, code reviews, security design reviews, red/purple team assessments, and providing security signoffs for technology initiatives. You will be discovering security issues across web applications, native applications and other systems through threat modeling, code reviews (Java, TypeScript/JavaScript, Python), and dynamic application testing. As the Senior Penetration Testing Engineer, you will also be responsible for performing red and purple team assessments for Capital Group’s detective security controls. The team members are geographically dispersed with varying experience levels. As the senior member on the team, you will be creating proof-of-concept exploits for the security issues discovered. You will be responsible for coordinating and communicating with the key technology stakeholders for delivery of security assessments and explaining technology risks and mitigations. This role is hybrid (in-office 3 days/week) and can be in Irvine CA, San Antonio TX, or New York NY depending on candidate current location and/or preference.

In addition, you will be responsible for:

  • Conducting Comprehensive Security Assessments: Perform in-depth penetration tests, infrastructure vulnerability assessments, and application security assessments to identify weaknesses and potential attack vectors.

  • Executing Tests/Assessments: Plan and execute penetration testing activities using a variety of tools (SAST, DAST, SCA tools) and techniques, including network scanning and web application testing.

  • Analyzing and Reporting Findings: Analyze test results and prepare detailed reports documenting identified vulnerabilities, their potential impact, and recommended remediation actions.

  • Collaborating with Stakeholders: Work closely with cross-functional teams across technology, infrastructure, business including developers, system administrators, and business stakeholders, to prioritize and address security findings. You will be expected to communicate effectively and have an empathetic outlook towards development teams by authoring clear, actionable guidance on writing secure code.

  • Staying Abreast of Emerging Threats: Keep up to date with the latest security trends, vulnerabilities, and attack techniques to continuously improve testing methodologies and stay ahead of potential threats. Be an active advocate to software development teams in educating them on secure software development methodologies.

  • Develop automated proof-of-concepts, and automated security tests by authoring security testing tools.

  • Execute red and purple team tests of detective tooling including EDR tools, security telemetry tools, anti-virus software, having knowledge of MITRE ATT&CK Framework (Cloud, macOS, Windows, Linux), AI-based software systems.

  • Develop, organize and lead the Capture-the-Flag (CTF) competitions and be an active participant in such competitions.

 “I am the person Capital Group is looking for.”

  • You have a bachelor's degree in computer science, a related field, or equivalent experience.

  • You have a minimum of 5 years of experience in Penetration Testing, Red Team or Application Security

  • You have a strong understanding of network security, TCP/IP, DNS, TLS, HTTP, IPSec, 802.11, etc.

  • You have experience with security protocols and/or technologies such as REST APIs, Burp Suite, ZAP, Kali Linux, Windows, macOS, Nmap, Metasploit, Powersploit, Lolbins, etc.

  • You can automate tasks in Python, bash, Java, C/C#/C++, Rust, etc.

  • You have a strong understanding of attacks in AWS, Azure, GCP, OAuth, websockets, etc.

  • You have professional certifications such as Offensive Security Certified Professional (OSCP), OffSec Certified Expert (OSCE) or GIAC Penetration Tester (GPEN) preferred.

  • Strong knowledge of common security vulnerabilities, attack vectors, and exploitation techniques.

  • You have excellent communication skills (written, oral), with the ability to simplify and document complex technical details to both technical and non-technical audiences.

  • You can learn quickly and have a track record of developing a deep understanding of systems and risks to the business.

  • You have experience coaching and working with engineers to build security and privacy by design.

  • You have experience performing application design, threat detection, incident response, patching, vulnerability remediation, secure development training, and user training.

  • You have experience using secure development frameworks (i.e.. OWASP Top 10, SANS Top 25 and Microsoft SDL).

  • You are proficient in bypassing and tuning security technologies (i.e.. Anti-Malware, IDS, DLP, FIM, Firewalls, SIEM, MFA, Web Proxies and WAF).

  • You have familiarity with AWS security best practices and Infrastructure-as-Code.

  • You can work independently, collaboratively and take the initiative to drive security initiatives forward.

  • You can manage multiple tasks and coordinate/delegate to achieve speedy resolutions to application security-related security incidents working with stakeholders globally.

  • You have strong analytical and problem-solving abilities, with a keen attention to detail.

‎ 

Southern California Base Salary Range: $148,045-$236,872

‎ 

San Antonio Base Salary Range: $121,706-$194,730

‎ 

‎ 

New York Base Salary Range: $156,935-$251,096

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

‎ 

 ‎ 

 ‎

 ‎

In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.

You can learn more about our compensation and benefits here.

* Temporary positions in Canada and the United States are excluded from the above mentioned compensation and benefit plans.


We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

Top Skills

Java
JavaScript
Python
Typescript
The Company
HQ: Los Angeles,, CA
8,820 Employees
On-site Workplace
Year Founded: 1931

What We Do

Since 1931, Capital Group, home of American Funds®, has been singularly focused on delivering superior results for long-term investors using high-conviction portfolios, rigorous research and individual accountability. As of December 31, 2021, Capital Group manages more than $2 trillion in equity and fixed income assets for millions of individual and institutional investors.

Capital Group is a private firm that employs more than 8,000 associates and has offices in Europe, Asia, Australia and the Americas. For more than 90 years, our goal has remained the same: to improve people’s lives through successful investing.

*** We’ve been made aware of an employment scam fraudulently using Capital Group’s name. Please note: Capital Group currently does not offer 100% remote work positions. On average, the interview process can take one to three months to go from resume submission to offer. Financial transactions are never part of the job onboarding process. For your own cyber safety and security, if you suspect fraud, please do not respond to or interact with messages claiming to be from Capital Group. You can also contact [email protected] to verify a job opportunity. ***

For important legal information please click the company details website link: https://www.capitalgroup.com/us/landing-pages/linkedin-terms-of-use.html

Similar Jobs

NBCUniversal Logo NBCUniversal

ServiceNow Staff Software Engineer

AdTech • Cloud • Digital Media • Information Technology • News + Entertainment • App development
Remote
Hybrid
New York, NY, USA
68000 Employees
130K-190K Annually

NBCUniversal Logo NBCUniversal

Sr Staff Software Engineer, Cloud Control Plane

AdTech • Cloud • Digital Media • Information Technology • News + Entertainment • App development
Remote
Hybrid
New York, NY, USA
68000 Employees
145K-210K Annually

NBCUniversal Logo NBCUniversal

Data Engineer

AdTech • Cloud • Digital Media • Information Technology • News + Entertainment • App development
Remote
Hybrid
New York, NY, USA
68000 Employees
100K-135K Annually

NBCUniversal Logo NBCUniversal

AI Cyber Defense Engineer

AdTech • Cloud • Digital Media • Information Technology • News + Entertainment • App development
Remote
Hybrid
New York, NY, USA
68000 Employees
125K-155K Annually

Similar Companies Hiring

MyBambu Thumbnail
Social Impact • Payments • Other • Mobile • Fintech • Financial Services • App development
West Palm Beach, Florida
120 Employees
Energy CX Thumbnail
Utilities • Professional Services • Greentech • Financial Services • Energy • Consulting • Business Intelligence
Chicago, IL
55 Employees
MassMutual India Thumbnail
Insurance • Information Technology • Fintech • Financial Services • Big Data
Hyderabad, Telangana

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account