Pathward is hiring a
IT Security Engineer III

Summary

The job description is for an Offensive Focused Security Engineer role at Pathward, a financial empowerment company that works to increase financial availability and opportunity. The role involves penetration testing, red team operations, vulnerability assessment, reporting, tool development, collaboration, research, security advisory, and audit support.

Requirements

• Bachelor's degree or equivalent education and work experience
• Relevant certifications such as OSCP, OSCE, CEH, or similar
• 5+ years of experience in penetration testing, red teaming, or a similar offensive security role
• Experience with various penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Nessus)
• Proven ability to conduct advanced red team exercises in cloud infrastructures, simulating real-world attack scenarios
• Familiarity with scripting languages (e.g., Python, Bash, PowerShell)
• OSCP (Offensive Security Certified Professional)
• Extensive experience with AWS, Azure, or GCP, including security assessments and penetration testing of cloud environments
• Knowledge of advanced attack techniques (e.g., buffer overflows, privilege escalation, lateral movement)

Responsibilities

• Penetration Testing: Perform in-depth penetration testing of networks, web applications, APIs, mobile applications, and other systems to identify security vulnerabilities
• Red Team Operations: Participate in or lead red team exercises to simulate advanced persistent threats (APTs) and real-world attack scenarios
• Vulnerability Assessment: Conduct security assessments, vulnerability scanning, and analysis of systems and applications
• Reporting: Document and report findings in a clear, concise manner, providing actionable recommendations to stakeholders for remediation
• Tool Development: Develop, customize, and utilize tools, scripts, and exploits to assist in penetration testing activities
• Collaboration: Work closely with the defensive security team to ensure vulnerabilities are properly mitigated and to improve overall security defenses
• Research: Stay up-to-date with the latest cybersecurity threats, attack vectors, and vulnerabilities, and contribute to research initiatives
• Security Advisory: Provide expert guidance and support to clients or internal teams on security best practices and risk management strategies
• Audit Support: Assist with external information security audits for regulatory compliance with government entities such as the Office of the Comptroller of the Currency (OCC), Payment Card Industry (PCI) audits, and penetration testing

Benefits

• Health insurance
• Retirement benefits
• Life and disability insurance
• Paid time off
• Bonuses and incentives
• Professional development opportunities
• Wellness programs
• Family and parental leave