×
Register Here to Apply for Jobs or Post Jobs. X

Security Assurance Penetration Tester

Job in Farmington, Ontario County, New York, 14425, USA
Listing for: Elsevier
Full Time position
Listed on 2026-07-12
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Salary/Wage Range or Industry Benchmark: 71600 - 119400 USD Yearly USD 71600.00 119400.00 YEAR
Job Description & How to Apply Below

Collaborative Penetration Tester

Are you a collaborative penetration tester looking to work for a mission driven global organization?

About the Role

This role supports the offensive security function within Elsevier's Security Engineering team. You will perform hands-on security testing and peer review activities, validate vulnerabilities and security controls, and support the automation of security assurance processes. This is a hands-on role for a motivated security professional eager to grow in a collaborative, fast-paced environment.

About the Team

The Security Assurance team supports the third-party penetration testing program, security control validation, and ongoing offensive security testing activities.

Responsibilities

Tracking and triaging findings from third-party assessments, ensuring timely follow-up and remediation tracking.

Collaborating with development, platform, and product teams to communicate findings, track remediation efforts, and improve overall security posture.

Facilitating post-assessment reviews and lessons learned sessions with development teams to identify recurring security issues and promote secure development practices.

Maintaining program documentation, test records, and reporting artifacts.

Conducting penetration testing of web applications, APIs, cloud environments, and internal systems, escalating complex testing scenarios as needed.

Performing peer review of penetration testing deliverables, including test plans, findings, and final reports.

Participating in scoping exercises and contributing to the selection of appropriate testing methodologies.

Supporting security assessments of GenAI-powered applications and features, including LLM integrations, RAG pipelines, and AI agents.

Assisting in testing for AI-specific vulnerabilities such as prompt injection, jail breaking, insecure output handling, model data leakage, and training data poisoning.

Contributing to the development of internal GenAI security testing checklists and methodologies, aligned with frameworks such as OWASP Top 10 for LLMs.

Requirements

Experience in information security, penetration testing, or a related field. Experience or coursework in software development, Dev Ops, or scripting is highly desirable.

At least one relevant security certification (e.g., Security+, eJPT, PNPT, CEH, or equivalent) preferred; advanced offensive security certifications such as OSCP are a plus.

Foundational understanding of web application architecture, networking, and operating system security.

Familiarity with common penetration testing tools (e.g., Burp Suite, Nmap, Metasploit, Nuclei, or equivalent).

Working knowledge of OWASP Top 10, common CVEs, and vulnerability scoring frameworks (CVSS).

Scripting ability in at least one language (Python, Bash, Power Shell, or similar); development experience is a strong plus.

Basic understanding of cloud environments (AWS, Azure, or GCP) and associated security considerations.

Exposure to SAST/DAST tools and secure code review practices is desirable.

Awareness of GenAI security risks (prompt injection, LLM abuse, insecure AI integrations)

Elsevier is a renowned global information analytics company that primarily focuses on providing scientific, technical, and medical (STM) research content, tools, and services. It is one of the largest publishers of academic journals and scholarly literature in the world.

Elsevier operates in various domains, including science, technology, medicine, social sciences, and more. They publish a vast number of peer-reviewed journals covering a wide range of disciplines. These journals act as platforms for researchers and academics to share their findings and contribute to the advancement of knowledge in their respective fields.

In addition to publishing, Elsevier offers a suite of digital solutions and services to support researchers, scientists, and professionals in their work. They provide online platforms like Science Direct, Scopus, and Mendeley, which offer access to a vast repository of scholarly articles, research papers, and other scientific content. These platforms often serve as essential resources for software developers seeking to stay updated with the latest scientific advancements.

U.S. National Base Pay Range: $71,600 - $119,400. Geographic differentials may apply in some locations to better reflect local market rates.

Final date to receive applications is 09/10/2026.

We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits.  to access benefits specific to your location.

We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact

Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.

Please…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary