Intermediate/Senior Web Application Pentest at Truist Bank
Raleigh, NC 27604, USA - Full Time


Start Date: Immediate
Expiry Date: 18 Jul, 25
Salary: 0.0
Posted On: 18 Apr, 25
Experience: 5 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Testing Tools, Platforms, Penetration Testing, OWASP, CREST, Software Development, Python, Scripting Languages, OSCP, GitHub, Nessus, Bash, Web Technologies, Burp Suite, Communication Skills, Digital Assets
Industry: Information Technology/IT

Description

Need Help?
If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won’t receive a response).

PLEASE REVIEW THE FOLLOWING JOB DESCRIPTION:

Are you a skilled and motivated Intermediate/Senior penetration tester and want to join our team? The ideal candidate will be responsible for conducting thorough security assessments of company applications, identifying vulnerabilities, and working closely with various teams to enhance our overall security posture. This role will also consist of additional responsibilities such as coordinating operations with blue/purple/red teams or leading an initiative to achieve new goals.
Office-centric role (required 4 days a week in office), Atlanta or Raleigh only.
Please note that Truist will not sponsor an applicant for employment authorization, nor will we offer any immigration-related support for this position (including H-1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN-1 or TN-2, E-3, or sponsorship for U.S. permanent residence).

REQUIRED QUALIFICATIONS:

  • 5+ years of experience in web application penetration testing or equivalent experience with platforms such as HackTheBox, TryHackMe, Proving Grounds, VulnHub or GitHub.
  • Proven ability to discover and exploit advanced vulnerabilities.
  • Experienced in using penetration testing tools such as Burp Suite, Metasploit, and Nessus.
  • Experience assessing and/or exploiting various cloud environments.
  • Strong understanding of web technologies, protocols, and common security vulnerabilities.
  • Excellent written and verbal communication skills.
  • Knowledge of key technology aspects such as networking protocols and data routing.
  • Knowledge of the Software Development Life Cycle (SDLC) and how security practices are integrated into software development.
  • Understanding of industry-standard security frameworks such as MITRE ATT&CK.
  • Knowledge of the key security frameworks, such as OWASP.

PREFERRED QUALIFICATIONS:

  • Certifications such as OSWP, CREST, OSCP, or other relevant offensive security certifications.
  • Experience with scripting languages such as Python and Bash.
  • Knowledge of regulatory compliance standards (NYDFS, NIST CSF, PCI-DSS, SOX, SOC1, UCF)
  • Published CVE/CWE contributions, hackathon participation, CTF events, and independent security projects.

Apply today if you are passionate about penetration testing, have a knack for finding vulnerabilities, and enjoy the challenge of continuously learning about emerging threats. Join our team and help safeguard our digital assets.

RESPONSIBILITIES:

  • Mentor junior pentesters and those with a passion to learn pentesting.
  • Advise on security policies, procedures, and long-term strategies for organizational cybersecurity improvement.
  • Schedule and conduct demo sessions with application teams to understand the functionality and architecture of target applications.
  • Perform advanced comprehensive penetration tests on a set list of company applications, adhering to industry-standard best practices for each test.
  • Utilize a variety of tools including Burp Suite, Metasploit, Kali Linux, Nessus, and other relevant hacking tools.
  • Conduct testing across diverse environments, including mobile applications, web applications, on-premise targets, APIs, AWS, Azure and mainframe infrastructures.
  • Document and report vulnerabilities, including detailed explanations, reproduction steps, and potential impacts.
  • Provide clear and actionable recommendations for various stakeholders such as remediation or development teams.
  • Conduct retests to verify the successful resolution of identified vulnerabilities.
  • Stay updated with the latest security threats and testing methodologies.