Penetration Tester Team Lead-Remote - (Brentwood, Tennessee, United States)
Location: Brentwood, Tennessee
Internal Number: 42930970704
Healthcare Without Rival Premise Health is the world's leading direct healthcare provider and one of the largest digital providers in the country, serving over 11 million eligible lives across more than 2,500 of the largest commercial and municipal employers in the U.S. Premise partners with its clients to offer fully connected care – in-person and in the digital environment. It operates more than 800 onsite and nearsite wellness centers in 45 states and Guam, delivering care through the Digital Wellness Center and onsite, nearsite, mobile, and event solutions.
Premise delivers value by simplifying complexity and breaking down barriers to give diverse member populations access to convenient, integrated, high-quality care. We offer more than 30 products, delivering the breadth and depth of care required to serve organizations' total populations. The result is healthcare that meets the needs of members and their families, helping them live healthier while lowering costs for organizations.
Premise offers a wide range of dynamic, purpose-driven career opportunities. We are currently looking for a Senior Pentester, Team Lead to join our team remotely.
About the role: The Senior Pentester, Team Lead demonstrates an ability to coach and lead team members in pentest and security assurance activities gained from multiple years of experience within various areas of technology. The Team Lead will guide the team in all areas of Offensive Security including Red Team exercises, Purple Team engagements and Penetration Testing. This includes activities related to the execution and presentation of penetration tests and vulnerability assessments for internal and external systems, applications and devices. The Team Lead will interact with multiple departments and assist support personnel in understanding how to secure systems, remediation/mitigation of found vulnerabilities and understanding of vulnerabilities. The Team Lead may be asked to assist in threat modeling, “Purple Team” exercises, and provide recommendations based on current industry trends.
Assess web applications, medical devices, hardware devices, and third-party software for security vulnerabilities.
Provide initial research into applications and devices prior to security testing.
Maintain an understanding of new vulnerabilities and attack techniques.
Develop detailed testing plans and use-cases to ensure coverage of scope and reduction of attack surface
Provide Pentest Team Members with feedback and guidance on engagements and career development.
Responsible for compiling the findings of their testing into formal reports that will be provided to the system and application stakeholders.
Creates reusable security artifacts
Interact with the stakeholders during all assessment phases to coordinate access, resolve issues during testing, and help address security concerns, working with teams to provide possible remediation options.
Build relationships with other departments to better understand business needs.
Ability to meet established deadlines and communicate potential blockers.
Analyze attacker tactics, techniques, and procedures (TTPs) and how they apply to Premise Health for the purpose of testing existing security controls against real world attacks.
Assist in proof-of-concept initiatives for business applications.
Understand and critique project workflows to improve efficiencies.
Ability to analyze, recommend, and define requirements for automation
Design and execute adversary emulation and simulation operations
Provide support to the senior security engineers by assisting in the management of security technologies (e.g. web proxy, IDS, EDR, WAF).
Bachelor’s degree in a related field is desired, not required.
OCSP, GPEN, GWAPT or other security related certifications are desired, not required.
8+ years of experience in information technology, preference to those with development, network, or systems administration experience.
6+ years of Penetration Testing Experience.
2+ years coding experience.
Demonstrated leadership abilities
Experience with at least three automation and scripting languages (e.g. PowerShell, BASH, Python).
Experience and understanding of HIPAA, HITECH, and PCI preferred.
Capture the Flag experience a plus.
Bug bounty experience a plus.
Effective verbal and written communication skills. Should be able to adapt communication style to suit different audiences
Demonstrated experience in process optimization, business communications
Strong web application development, security flaw and remediation technical understanding
Demonstrated experience with a variety of open source and commercial testing tools in areas such as web interception proxies, packet capture, debugging and API interaction.
Interest in determining new, interesting, and sustainable tools to assist in testing exercises.
Proficient with testing tools such as Burp, ZAP, OpenVAS, Impactor, CME, Wireshark, or HackRF.
Ability to setup a virtual environment using VMware, Virtual Box, or similar technology.
Understanding of password cracking and encryption technology.
Familiarity with exploit development and tool development.
Work-life balance is at the foundation of how decisions are made and where Premise is headed. We can only help people get, stay, and be well if we do the same for ourselves. In addition to competitive pay, Premise offers benefits packages including medical, dental, vision, life insurance, 401(k), paid holidays and vacation time, a company-sponsored wellness program, and much more our talent acquisition team will be happy to share with you.
Premise Health is an equal opportunity employer; we value inclusion, and we do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status or disability status.
Compensation is between $110,000 to $130,000 annually. Premise offers a comprehensive benefits package to all full-time team members including Medical, Dental, Vision, 401K, Paid Time Off, Paid Holidays, annual CEU/CME allowance, and Tuition Reimbursement. Benefits offered to part-time team members include 401K, Paid Time Off, Paid Holidays and annual CEU/CME allowance. PRN team members may also enroll in 401K.
To support Premise Health’s commitment to the safety, health and wellbeing of our team members, clients and patients, Premise Health encourages all new team members to be fully vaccinated and up to date with a COVID-19 vaccine. Where applicable state or local laws or a client require, individuals who are offered and accept a position with Premise Health will be required to provide proof of vaccination in the form of a CDC vaccination card as part of the pre-employment onboarding process. *Except where a reasonable medical or religious accommodation can be granted.