
Penetration Testing Engineer - VP

State Street, posted 18h ago
United States | Hybrid | $120K–$202.5K | Full-time | Senior Level | 5+ yrs exp

Top focus: Penetration Tester
Who We Are Looking For

We are seeking a Senior Penetration Testing Engineer to join State Street’s Penetration Testing Team, reporting to the Penetration Testing Team Manager. This role sits within the Threat Intelligence and Assurance organization and is a deeply technical engineering position with strong hands-on expectations. You will serve as a subject matter expert in application penetration testing, executing detailed assessments and contributing to the design and oversight of network penetration testing performed in partnership with third-party providers. The focus of this role is on building and applying rigorous, repeatable testing approaches that evaluate security control effectiveness and real-world exploitability across complex systems. Operating in a highly regulated banking environment, you will ensure testing outputs are technically sound, evidence-based, and aligned to risk and audit expectations. You will work closely with engineering and infrastructure teams to analyze root causes, validate fixes, and drive improvements in secure system design and implementation.

What you will be responsible for

As a Senior Penetration Testing Engineer, you will:
  • Design and manage third-party network penetration tests, including scoping, vendor selection, rules of engagement, quality assurance, and validation of results.
  • Lead end-to-end application penetration testing across internal and third-party providers (web, API), including scoping, execution, exploitation, and retesting.
  • Perform advanced testing across authn/authz, business logic, injection, API abuse, crypto misuse, and access control weaknesses.
  • Establish and enforce testing standards for both internal teams and external vendors to ensure consistency, depth, and regulatory defensibility.
  • Deliver high-quality, regulator-ready reporting with clear exploitability, risk context, and actionable remediation guidance.
  • Lead the use of AI/LLM-enabled testing techniques and conduct assurance testing of enterprise AI/LLM deployments (e.g., prompt injection, model abuse, data exposure risks).
  • Partner with engineering and infrastructure teams to validate remediation, reduce recurrence, and strengthen secure development and deployment practices.

What we value

These skills will help you succeed in this role:
  • Technical depth with ownership, balancing hands-on expertise with accountability for end-to-end outcomes across internal and external testing.
  • Strong judgment and vendor oversight, ensuring third-party testing meets enterprise standards and delivers meaningful assurance.
  • Practical, risk-focused mindset, prioritizing real-world exploitability and business impact.
  • Clear, concise communication, producing executive-ready outputs and actionable technical guidance.
  • Collaboration and partnership, working closely with engineering, infrastructure, and risk stakeholders.
  • Innovation and adaptability, particularly in applying AI/LLM techniques to offensive security challenges.
  • Continuous improvement, enhancing methodologies, playbooks, and testing consistency across internal and third-party efforts.

Education & Preferred Qualifications
  • 5+ years in penetration testing with strong experience across both application and network testing in high-security/highly regulated environments.
  • Experience managing third-party penetration testing vendors, including quality validation and outcome assurance.
  • Deep expertise in application penetration testing (web, APIs, mobile) and solid understanding of enterprise network attack paths.
  • Strong knowledge of modern architectures (cloud-native, microservices, identity platforms, CI/CD pipelines).
  • Ability to translate technical findings into actionable, risk-based remediation guidance and influence stakeholders.
  • Nice to have: experience using AI/LLM tools to perform network and application penetration testing and configuration/security reviews.
  • Education/Certifications (desired, not mandatory): BS/MS in a relevant field; OSCP/OSEP/OSWE, GPEN/GXPN, GWAPT, PNPT, GCPN, or similar.

Additional requirements

Hybrid schedule based on location.

Salary Range: $120,000 - $202,500 Annual

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes:
  • our retirement savings plan (401K) with company match;
  • insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages;
  • paid time off including vacation, sick leave, short term disability, and family care responsibilities;
  • access to our Employee Assistance Program;
  • incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and
  • eligibility for certain tax advantaged savings plans.

For a full overview, visit https://hrportal.ehr.com/statestreet/Home.

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success. We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers. Read our CEO Statement.

Job Application Disclosure: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Required skills

Penetration Testing, Application Security, Network Security, API Security, Cloud Security, Risk Assessment, Vulnerability Assessment, AI, LLM
Posted on JobRush — the end-to-end AI job-search platform.