Sr. Penetration Tester

Sr. Penetration TesterBroadmoor CampusThe University of Kansas Health System is seeking a seasoned Penetration Tester to join our Adversary Intelligence & Modeling (AIM) team. This group combines cyber threat intelligence capabilities with ethical hacking and red teaming.
As our Senior Penetration Tester, you will:
Develop, coordinate, and execute penetration tests of varying scales against network infrastructure, web applications, and medical devices in a safe manner, to both validate and improve security defenses against advanced hacking techniques
Partner with defensive teams to develop adversary campaigns that model real-world attacks to replicate emerging threat actor behaviors within the health system environment.
Develop custom payloads, implants, and attack infrastructure to challenge security controls in innovative ways that push the boundaries.
Provide extensive mentorship and knowledge sharing to develop junior team members’ talents.
Clearly communicate identified vulnerabilities and risk scenarios to both technical and executive stakeholders across the organization.
Stay on top of the latest offensive techniques, tools, and countermeasures to expand our adversarial simulation capabilities.
This position requires creativity, technical sophistication, communication skills, and passion for cyber defense.
Come join a highly driven team and put your talents to work strengthening healthcare security. You will stretch your abilities, tackle exciting challenges, and make an impact protecting patients.

• Recommend, scope, and procure a statement of work (SOW) for each penetration test.
• Coordinate timelines and potential impact with organizational leadership.
• Conduct full vulnerability scans and incorporate findings into penetration testing methodology.
• Validate security controls by testing exploits and bypass techniques.
• Post testing environment cleanup to leave no trace.
• Research all findings and develop recommendations for remediation.
• Compile final reports and deliverables.
• Review and discuss findings with organizational leadership
• Research past, current, and trending cybersecurity attacks, with an emphasis on healthcare technologies.
• Build out and stage simulated attack scenarios for weekly incident response drills – blue /red team exercises.

• Demonstrated ability to use innovative thinking to develop solutions to complex problems with impacts on the business
• Demonstrated interpersonal communication skills, must be able to effectively communicate technical and strategic information to a to peers, working groups, and junior level members of the Cybersecurity Organization
• Demonstrated experience with at least 1 scripting language
• Recognized organizational expert in a technical discipline
• In-depth understanding for the assigned portion of Cybersecurity organization, with at least 3 years-experience in a large enterprise environment
• Working-level knowledge in at least 4 of cybersecurity domains: Security & Risk Management, Asset Security, Security Engineering, Communications & Network Security, Identity & Access Management, Security Assessment & Testing, Security Operations, Software Development Security
• Understanding of MS Azure technical concepts
• Functional understanding of internal, regulatory, and industry standards as they apply to a business environment.
• Demonstrated experience working effectively in high-pressure situations
• Strong attention to detail with an analytical mind and outstanding problem-solving skills

Full timeR-29783