Analyst III - Penetration Tester

You want more out of a career. A place to share your ideas freely - even if they're daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love - driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together - lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the #VTeamLife.

What you'll be doing...

The mission of Readiness and Proactive Security (RPS) is to ensure Verizon is resilient to attacks against our people, process, and technology. RPS focuses on testing, measuring, and improving Verizon's capabilities to prevent, detect, and respond to a cyber-attack. RPS proactively scans, identifies, validates, exploits, and ensures remediation of vulnerabilities in our technology products through Enterprise Vulnerability Management (EVM) and Enterprise Penetration Testing. Our Enterprise Red Team and dedicated Purple Team focus on ensuring Verizon is ready and resilient to attacks from threat actors by testing our detection and response.

The Penetration Tester & Quality Control analyst is responsible to ensure that all submitted Pentest reports meet the defined quality standards. The process is crucial for our Enterprise Penetration Testing program and supports in maintaining a high standard of results.

Responsibilities:

• Assisting with scheduling engagements of all types: Compliance Penetration Tests, PenTest as a Service, Responsible Vulnerability Disclosure and Red Team Campaigns, including coordinating with internal teams and external vendors.

• Participating in kick-off and coordination meetings to understand scope of engagements which in turn will help when performing QA checks.

• Supporting vulnerability findings tracking within internal systems and coordinating remediation validation tests.

• Contributing to detailed record-keeping of engagements, reports, communications, findings, and lessons learned in centralized systems.

• Supporting data input and validation to ensure accurate and valuable metrics reporting.

• Engineering new and maintaining existing tracking and metrics systems, including spreadsheets, dashboards, and automated workflows.

• Reviewing completed engagement reports to ensure they meet our documented QA standards.

• Checking for adherence to our reporting templates as well as performing Level 1-3 checks per our documented QA process.

• Validating that findings are clearly documented, categorized correctly, and free of inconsistencies.

• Identifying common QA issues and suggesting process improvements to enhance report quality and efficiency.

• Conducting retests of engagements to identify any additional findings or lateral movement opportunities.

• Communicating QA findings to report authors to improve future reporting quality.

• Maintaining detailed documentation of QA results and producing valuable metrics based on performance trends.

• Participating in scoping, documenting, and executing tests for technical vulnerabilities, model vulnerabilities, and systems abuse including but not limited to inaccuracy and other breaches of alignment.

• Communicating clearly with all stakeholders to ensure a successful penetration test.

• Driving positive change on the team through proactive work.

• Identifying areas where security can be improved at Verizon and support actions to achieve those goals.

You'll need to have:

• Bachelor's degree or four or more years of work experience.

• Four or more years of relevant work experience.

• Two or more years of work experience in offensive security (e.g., penetration testing).

• Knowledge of OWASP TOP 10.

• Knowledge of penetration testing cloud and network infrastructure, web apps, and/or bug bounty programs.

• Knowledge of Linux and Windows system administration.

• Fundamental knowledge of tools used for web application, and network security testing, such as Burp Suite, Kali Linux, Metasploit, Postmate, Garak, and/or PyRIT.

• Experience in one or more of the following: Python, JavaScript, Java, PowerShell, PHP, C, C#, Ruby, bash.

Even better if you have one or more of the following:

• Deep understanding of OWASP Top 10, OWASP API Top 10, MASVS.

• Knowledge in discerning the protection needs (i.e., security controls) of information systems and networks.

• Experience with application security risk procedures, security patterns, authentication technologies and security attack pathologies.

• Certifications such as: GXPN, GPEN, eWPT, GCIH, GWAPT, OSCP, OSWA, OSCE, OSWE.

• Service Delivery/Governance: ITILv2/3.

• Solid organizational skills that support efficient completion of complex projects with multiple stakeholders.

• Ability to communicate technical issues to a range of audiences.

• Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors.

• Knowledge of machine learning including but not limited to Data Preparation, Model Engineering, Model Evaluation, Model Deployment, Monitoring and Maintenance, Transformers and multi-modal models.

• Familiarity on experience with model attack methodologies including jailbreak, model inversion, and research into evolving attacks against AI/ML systems.

• Ability to communicate technical issues to a range of audiences.

• Advanced certifications from Offensive Security (OSWE, OSCE, OSED, etc.) or similar industry recognized practical certifications.

• Experience developing, extending, or modifying exploits, shellcode or exploit tools.

• Website or application development experience along with experience in automation.

• Experience with source code review for control flow and security flaws.

• Is a continuous learner with a desire to stay current on security trends, tool, technologies and best practices.

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don't meet every "even better" qualification listed above.

Verizon is an equal opportunity employer. We evaluate qualified applicants without regard to veteran status, disability or other legally protected characteristics.