Information Security Pen Tester / Security Engineer - Hybrid

Position Summary
The Information Security Pen Tester / Security Engineer will assist in managing network penetration testing efforts for the company. This individual will support, as needed, the internal investigations team in addressing data loss and other cybersecurity incidents. They will work closely with senior team members and other departments to develop and maintain a dedicated penetration testing strategy. The role involves a foundational understanding of offensive and defensive cyber operations, to support Caris business functions. The engineer will collaborate with various teams to develop security solutions while adhering to best practices. This position requires a mix of technical skills, strong organizational and analytical abilities, and an eagerness to learn about investigation and security processes.

Job Responsibilities

• Develop and maintain continuous attack surface penetration campaigns (CASPT) under supervision to validate network security and provide feedback.
• Provide written reports of findings (detailed reports and executive summaries) and present to various departments.
• Assist, when needed, in internal investigations in compliance with corporate policies and applicable local/federal laws.
• Assist in incident response efforts as directed by senior team members, following the corporate incident response plan.
• Collaborate with business units to ensure security controls are appropriate and effective.
• Interface with third-party penetration testing organizations to understand and implement technical remediations.
• Design, plan, and participate in security assessments and penetration testing.
• Gain experience in analyzing system requirements for audit and compliance purposes.
• Work with cross-functional teams to incorporate security best practices into the development lifecycle.
• Support periodic gap assessments to ensure compliance with relevant standards.
• Stay informed about developing cybersecurity trends and regulatory changes.
• Assist in monitoring and reporting on security and compliance metrics.
• Learn and develop skills in forensic evidence handling, investigations, and analysis.
• Participate in technical decision-making under guidance and training from senior engineers.

Required Qualifications

• High-school diploma
• 3 - 5 years of experience in information security and penetration testing, including Burp Suite, Nmap, Nessus, Metasploit, and Command and Control (C2) frameworks.
• Penetration Testing Certification such as OSCP, CRTO, GPEN, or equivalent.
• Experience with creating Rules of Engagement (RoE) regarding test plans.
• Knowledge of phishing, data theft, ransomware, and other cyber attack methodologies.
• Strong understanding of physical and network security principles.
• Strong problem-solving and analytical skills.
• Strong communication skills, both verbal and written.
• Ability to communicate technical concepts to both technical and non-technical stakeholders.
• Eagerness to learn new skills and adapt to a fast-paced environment.

Preferred Qualifications

• Bachelor's degree in Information Security, Cybersecurity, or a related educational experience.
• Significant experience in vulnerability assessments or penetration testing, including government sanctioned offensive operations.
• Legal experience or experience working with attorneys on cybersecurity investigations.
• Industry-standardized certification related to penetration testing such as GIAC GPEN, CompTIA PenTest+, or CCPT.
• ISC2 CISSP certification
• Knowledge of accepted cybersecurity compliance frameworks, including SOC 2, ISO, and NIST.
• Knowledge of the Health Insurance Portability and Accountability Act (HIPAA)
• Basic understanding of forensic analysis or evidence handling.

Training

• Training will be provided on job-specific, safety, and compliance topics relevant to the role.

Physical Demands

• Must possess ability to sit, stand, and/or work at a computer for long periods of time.
• Ability to work extended hours during implementations and on-call rotations.

Other

• The role may require occasional after-hours work for incident response.
• Some on-call responsibilities may be assigned in support of technical emergencies.
• Trainings and functions may require intermittent travel, paid by the company.
• Other duties as assigned by management.

Conditions of Employment: Individual must successfully complete pre-employment process, which includes criminal background check, drug screening, credit check ( applicable for certain positions) and reference verification.

This job description reflects management's assignment of essential functions. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

Caris Life Sciences is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, among other things, or status as a qualified individual with disability.