Staff Penetration Testing Engineer

What you'll do...

Position: Staff Penetration Testing Engineer

Job Location: 811 Excellence Dr, Bentonville, AR 72716

Duties: Troubleshoots and leads the development and implementation of security risk management solutions by analyzing system information; reviewing and editing solution code; developing action plans for complex issues; developing risk mitigation plans and coding enhancements; mentoring and training team members on risk management topics and processes; collaborating with senior leadership on technical and architectural strategy and goals; ensuring the security technical delivery and architecture align with set technical and architectural strategies; developing solutions for complex technical issues and overseeing their implementation; and determining risk trends across multiple projects and systems and providing input to address risks in code and application development. Leads risk management and application penetration testing for large, complex projects by consulting with software development teams in the application of security methodologies and techniques; reviewing project requirements; writing and developing code to drive security testing systems; communicating project status and issues to appropriate team members and stakeholders; evaluating results against expected results; troubleshooting open issues and security vulnerability fixes; ensuring on-time delivery and hand-offs of project action items; and updating project teams regarding results and needed fixes. Leads application penetration testing and secure code review strategies for complex, critical impact projects by driving the development of test plans; determining testing scope for assigned projects; establishing and evaluating security metrics; reviewing and approving security requirements; identifying dependencies and risks; determining prioritization for risk remediation efforts based on criticality; evaluating application and system deployments for security vulnerabilities and developing code in order to secure gaps; and outlining risk mitigation deliverables and deadlines. Collaborates with partners in the value chain to achieve desired outcomes across international markets; leads cross-functional strategic technology focused initiatives and encourages team to cultivate relationships across the businesses and markets; establishes best practices in the relevant functional area for team members to collaborate with people having different perspectives; resolves technical and business issues related to collaborative efforts in varying business conditions. Completes security testing engagements utilizing advanced manual techniques; assesses the technical security risks of confirmed security vulnerabilities; determines remediation prioritization based on risks; reviews security testing engagements completed by other team members; mentors and train team members on testing techniques, risk assessment, mitigation, and remediation; identifies systemic issues with security controls and vulnerability trends. Analyzes system performance impacting the complete product for non-functional requirements like reliability, operability, performance efficiency and security; develops detailed design for an entire system within a domain; conducts review of platform/system design to ensure adherence to security and compliance norms. Monitors network performance and suggest metrics to monitor network performance effectively. Explores relevant products/solutions from an existing repertoire, that can address business/technical needs; assesses gaps/updates/modifications between the customer/business expectations and the existing product/solutions. Translates a broader infrastructure design or blueprint into technical specifications and details to develop advanced addressing and routing, security, data center, and IP multicast complex architectures with VPN and wireless domains. Contributes to the development of cyber risk assessment and/or management techniques to identify security gaps and weaknesses in the business.

Minimum education and experience required: Master's degree or the equivalent in Computer Science, Information Technology, Engineering, Information Systems, Cybersecurity, or related field plus 2 years of experience in penetration testing or related experience at a technology, retail, or data-driven company; OR Bachelor's degree or the equivalent in Computer Science, Information Technology, Engineering, Information Systems, Cybersecurity, or related field plus 4 years of experience in penetration testing or related experience at a technology, retail, or data-driven company.

Skills required: Must have experience with: Applying security principles, frameworks, methodologies, and controls to identify security gaps and recommend mitigations during penetration tests; Security testing techniques, including web application testing using tools like Burp Suite; Using secure coding standards and frameworks to identify and mitigate code-level vulnerabilities; Scripting across multiple languages, including Python and PowerShell, for automation and security tasks; Assessing technical security risks and prioritizing remediation based on risk impact; Utilizing architectural blueprint design to identify gaps between architecture and business requirements; Designing and conducting cyber risk assessments by integrating input from cross-functional teams; Proposing and implementing mitigation measures to address identified security gaps; Threat modeling and reviewing platform/system designs for security weaknesses; Cloud platform configurations with multiple operating systems, including Linux, macOS, and Windows. Employer will accept any amount of experience with the required skills.

Rate of pay: $110,000.00 - 220,000.00/year

Wal-Mart is an Equal Opportunity Employer.

Walmart and its subsidiaries are committed to maintaining a drug-free workplace and has a no tolerance policy regarding the use of illegal drugs and alcohol on the job. This policy applies to all employees and aims to create a safe and productive work environment.