
Penetration Testing Engineer- VP

Job in Quincy, Norfolk County, Massachusetts, 02170, USA
Listing for: State Street Corporation
Full Time position
Listed on 2026-06-25
Job specializations:
  • IT/Tech
    Cybersecurity
  • Engineering
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 120000 - 202500 USD Yearly
Job Description & How to Apply Below
Who We Are Looking For

We are seeking a Senior Penetration Testing Engineer to join State Street's Penetration Testing Team, reporting to the Penetration Testing Team Manager. This role sits within the Threat Intelligence and Assurance organization and is a deeply technical engineering position with strong hands-on expectations.

You will serve as a subject matter expert in application penetration testing, executing detailed assessments and contributing to the design and oversight of network penetration testing performed in partnership with third-party providers. The focus of this role is on building and applying rigorous, repeatable testing approaches that evaluate security control effectiveness and real-world exploitability across complex systems.

Operating in a highly regulated banking environment, you will ensure testing outputs are technically sound, evidence-based, and aligned to risk and audit expectations. You will work closely with engineering and infrastructure teams to analyze root causes, validate fixes, and drive improvements in secure system design and implementation.

What you will be responsible for

As a Senior Penetration Testing Engineer, you will:

* Design and manage third-party network penetration tests, including scoping, vendor selection, rules of engagement, quality assurance, and validation of results.

* Lead end-to-end application penetration testing across internal and third-party providers (web, API), including scoping, execution, exploitation, and retesting.

* Perform advanced testing across authn/authz, business logic, injection, API abuse, crypto misuse, and access control weaknesses.

* Establish and enforce testing standards for both internal teams and external vendors to ensure consistency, depth, and regulatory defensibility.

* Deliver high-quality, regulator-ready reporting with clear exploitability, risk context, and actionable remediation guidance.

* Lead the use of AI/LLM-enabled testing techniques and conduct assurance testing of enterprise AI/LLM deployments (e.g., prompt injection, model abuse, data exposure risks).

* Partner with engineering and infrastructure teams to validate remediation, reduce recurrence, and strengthen secure development and deployment practices.

What we value

These skills will help you succeed in this role

* Technical depth with ownership, balancing hands-on expertise with accountability for end-to-end outcomes across internal and external testing.

* Strong judgment and vendor oversight, ensuring third-party testing meets enterprise standards and delivers meaningful assurance.

* Practical, risk-focused mindset, prioritizing real-world exploitability and business impact.

* Clear, concise communication, producing executive-ready outputs and actionable technical guidance.

* Collaboration and partnership, working closely with engineering, infrastructure, and risk stakeholders.

* Innovation and adaptability, particularly in applying AI/LLM techniques to offensive security challenges.

* Continuous improvement, enhancing methodologies, playbooks, and testing consistency across internal and third-party efforts.

Education & Preferred Qualifications

* 5+ years in penetration testing with strong experience across both application and network testing in high-security/highly regulated environments.

* Experience managing third-party penetration testing vendors, including quality validation and outcome assurance.

* Deep expertise in application penetration testing (web, APIs, mobile) and solid understanding of enterprise network attack paths.

* Strong knowledge of modern architectures (cloud-native, microservices, identity platforms, CI/CD pipelines).

* Ability to translate technical findings into actionable, risk-based remediation guidance and influence stakeholders.

* Nice to have: experience using AI/LLM tools to perform network and application penetration testing and configuration/security reviews.

* Education/Certifications (desired, not mandatory): BS/MS in relevant field; OSCP/OSEP/OSWE, GPEN/GXPN, GWAPT, PNPT, GCPN, or similar.

Additional requirements

Hybrid Schedule based on location

Salary Range:

$120,000 - $202,500 Annual

The range quoted above applies to the role…