Senior Penetration Testing Engineer
The world isnt standing still, and neither is Allstate. Were moving quickly, looking across our businesses and brands and taking bold steps to better serve customers evolving needs. Thats why now is an exciting time to join our team. As a leader in a corporation with 83,000 employees and agency force members, youll have a hand in transforming not only Allstate but a dynamic industry. Youll have opportunities to take risks, challenge the status quo and shape the future for the greater good.
Youll do all this in an environment of excellence and the highest ethical standards a place where values such as integrity, inclusive diversity and accountability are paramount. We empower every employee to lead, drive change and give back where they work and live. Our people are our greatest strength, and we work as one team in service of our customers and communities.
Everything we do at Allstate is driven by a shared purpose: to protect people from lifes uncertainties so they can realize their hopes and dreams. For 89 years weve thrived by staying a step ahead of whatevers coming next to give customers peace of mind no matter what changes they face. We acted with conviction to advocate for seat belts, air bags and graduated driving laws. We help give survivors of domestic violence a voice through financial empowerment. Weve been an industry leader in pricing sophistication, telematics, digital photo claims and, more recently, device and identity protection. We are the Good Hands. We dont follow the trends. We set them.
**We are open to applicants to work from our local strategic Allstate offices in the following cities: Charlotte, NC; Tempe, AZ. Strong, qualified individuals will also be given consideration as remote / home-based professionals.**
Allstate Information Security is looking to hire a Senior Penetration Testing Engineer to join an exciting team and fulfill a high-demand service. This individual will perform penetration testing for Allstate infrastructure and in-house developed applications to discover security vulnerabilities and weaknesses and provide remediation recommendations. The team is looking for an experienced tester with a willingness to share knowledge and work with the team to enhance the security posture of Allstates applications and systems.
- Perform white and black box testing of in-house applications and systems with a variety of commercial and opensource tools
- Devise creative and custom exploits, solutions, and techniques to discover vulnerabilities and exploitability of the targets
- Knowledge-share with team on techniques and results to continuously improve the service offering
- Create detailed report of findings and recommendations after testing is complete and present to stakeholders
- Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices
- Mentor junior members of the team in techniques and best practices in ethical hacking and vulnerability analysis
- 5+ years experience with penetration testing
Demonstrable knowledge and experience of:
- Cmmon attack techniques for web, mobile and services.
- Cmmon application testing tools including, but not limited to Burp, SQL Map etc
- OWASP Tp 10 iPhone and Android application pen testing specifically relating to reverse engineering and instrumentation toolsets
- Pen testing in Agile and/r Extreme development environments
- Ability to write scripts/tools to assist in testing
- Experience testing/analyzing applications and networks
- Understanding of encryption technologies
- Understanding of common network protocols
- Working knowledge with various operating systems
- Ability to relay detailed technical concepts to a broad range of audiences, via written reports and presentations
- Passion for continuous learning, growth, and tinkering
- CISSP, GPEN, GWAPT, OSCP, and/or other industry certification is desired but not required
The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.
Good Work. Good Life. Good Hands.
As a Fortune 100 company and industry leader, we provide a competitive salary but thats just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, youll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click"here"for information regarding the San Francisco Fair Chance Ordinance.
For jobs in Los Angeles, please click"here"for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.