What are the responsibilities and job description for the Senior Cyber Penetration Tester & Engineer - Remote position at UNFI?
PURPOSE:
UNFI is looking for an experienced technical Cybersecurity Penetration Tester and Engineer Senior to help us create a resilient food supply chain. The Cyber Penetration Tester and Engineer Senior will focus on performing threat emulations and identifying cybersecurity issues within the UNFI environment against a wide range of technologies and systems, performing technical penetration testing of APIs, web applications, networks, cloud services, databases, directory services, and infrastructure. They will be part of the cybersecurity threat and emulation team and will collaborate with staff from other teams across UNFI. While management responsibilities are not part of the role, the expectation is that they can lead engagements, communicate technical details to senior leadership, mentor junior staff, provide technical direction to the program. Coding skills and a passion for cybersecurity is a must, with a preference for testers who view cybersecurity and penetration testing as more than just a job but also a hobby.
ESSENTIAL FUNCTIONS:
Job Responsibilities | Percentage
Education/Certifications/or Equivalent combination of education training and experience:
UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. All qualified applicants will receive equal consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, protected veteran status, or other protected ground. Accommodation is available upon request for candidates taking part in all aspects of the job selection process. - M/F/Veteran/Disability. VEVRAA Federal Contractor.
Compensation:
UNFI anticipates paying the above-referenced pay rate (or within the above-referenced pay range) for this position. Actual Pay, where applicable, will depend on a number of factors, including, but not limited to, education, experience, training, and any requirements under applicable collective bargaining agreements. UNFI is committed to transparency in pay in compliance with applicable state and local laws.
Benefits:
For Washington positions (or positions that may be performed remotely from Washington), https://www.unfi.com/jobs-more-info-wa.html for Washington-specific paid time off details.
Candidates hired into this position will also be eligible to participate in the following benefits programs: Paid Time Off; Sick Time; paid holidays and parental leave; 401K Program; medical, dental, vision, life, and accidental death/dismemberment insurance; short-term and long-term disability insurance program, Flexible Spending Account and/or Health Savings Account, subject to meeting the eligibility requirements and the terms and conditions of these programs, and subject to any requirements under applicable collective bargaining agreements.
UNFI’s compensation, benefits, and paid time off policies are subject to change in the Company’s sole discretion, consistent with applicable law. This job posting should not be construed as an offer of employment with certain terms, nor should it be construed as a guaranteed minimum.
Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act.
UNFI is looking for an experienced technical Cybersecurity Penetration Tester and Engineer Senior to help us create a resilient food supply chain. The Cyber Penetration Tester and Engineer Senior will focus on performing threat emulations and identifying cybersecurity issues within the UNFI environment against a wide range of technologies and systems, performing technical penetration testing of APIs, web applications, networks, cloud services, databases, directory services, and infrastructure. They will be part of the cybersecurity threat and emulation team and will collaborate with staff from other teams across UNFI. While management responsibilities are not part of the role, the expectation is that they can lead engagements, communicate technical details to senior leadership, mentor junior staff, provide technical direction to the program. Coding skills and a passion for cybersecurity is a must, with a preference for testers who view cybersecurity and penetration testing as more than just a job but also a hobby.
ESSENTIAL FUNCTIONS:
Job Responsibilities | Percentage
- Perform technical penetration testing of APIs, web applications, networks, cloud services, databases, directory services, and infrastructure. – 75%
- Strategic attack simulation by analyzing UNFI’s internal and external attack surface and crafting bespoke penetration strategies. – 10%
- Writing comprehensive reports outlining identified vulnerabilities, potential exploitation paths. Provide remediation guidance and recommendations from the assessments and support any security questions from network, system, and/or application owners. – 10%
- Assess UNFI’s software development and cloud infrastructure from a security perspective and help drive internal security standards. – 5% Total – 100%
Education/Certifications/or Equivalent combination of education training and experience:
- At least 1 industry leading or senior level cybersecurity penetration certification, for example: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester Certification (GPEN), GIAC Web Application Penetration Tester (GWATP), GIAC Cloud Penetration Tester (GCPN) or EC-Council Licensed Penetration Tester (LPT) Master.
- Active GitHub repository account with examples of security tools, scripts, exploits developed OR evidence of past and current artifacts.
- 8 years of hands-on cybersecurity experience within IT environments.
- 5 years of experience performing penetration testing and vulnerability assessments.
- Advanced penetration testing skills across both tools and scripting abilities. Expertise with the following tools: various C2s, Burp Suite, Nmap, Wireshark, Bloodhound. Expertise with cybersecurity scripting in Python, PowerShell, or Go to manipulate vulnerabilities and demonstrate potential exploits.
- Ability to employ OSINT techniques to maximize attack vectors, simulating real-world cyber threats.
- Skills in developing implants and evading common security tools.
- Ability to critically examine an organization and system using knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime groups, and both state and non-state sponsored threat actors.
- Knowledge of web application and cloud infrastructure best practices and understanding of how to exploit misconfigurations and vulnerabilities.
- Knowledge of network access, identity and access management, including public key infrastructure and understanding of how to exploit misconfigurations and vulnerabilities.
- Experience creating rules of engagement, test plans, scripts to aid testing efforts, and technical assessment reports that detail findings and remediation efforts.
- Ability to translate technical findings into actionable insights.
- Ability to mentor junior staff and transfer technical knowledge as well as contribute to the team’s knowledge sharing.
- Some travel may be required.
- Most work is performed in a temperature-controlled office environment.
- Incumbent may sit for long periods of time at a desk or computer terminal.
- While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel; reach with hands and arms; and talk or hear.
- Incumbent may use calculators, keyboards, telephones, and other office equipment in the course of a normal workday.
- Stooping, bending, twisting, and reaching may be required in completion of job duties.
UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. All qualified applicants will receive equal consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, protected veteran status, or other protected ground. Accommodation is available upon request for candidates taking part in all aspects of the job selection process. - M/F/Veteran/Disability. VEVRAA Federal Contractor.
Compensation:
UNFI anticipates paying the above-referenced pay rate (or within the above-referenced pay range) for this position. Actual Pay, where applicable, will depend on a number of factors, including, but not limited to, education, experience, training, and any requirements under applicable collective bargaining agreements. UNFI is committed to transparency in pay in compliance with applicable state and local laws.
Benefits:
For Washington positions (or positions that may be performed remotely from Washington), https://www.unfi.com/jobs-more-info-wa.html for Washington-specific paid time off details.
Candidates hired into this position will also be eligible to participate in the following benefits programs: Paid Time Off; Sick Time; paid holidays and parental leave; 401K Program; medical, dental, vision, life, and accidental death/dismemberment insurance; short-term and long-term disability insurance program, Flexible Spending Account and/or Health Savings Account, subject to meeting the eligibility requirements and the terms and conditions of these programs, and subject to any requirements under applicable collective bargaining agreements.
UNFI’s compensation, benefits, and paid time off policies are subject to change in the Company’s sole discretion, consistent with applicable law. This job posting should not be construed as an offer of employment with certain terms, nor should it be construed as a guaranteed minimum.
Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act.