< Back to search
Distinguished Engineer, Penetration Tester
Job Description
When you join Verizon
You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life.
What you’ll be doing...
The Verizon Cyber Security (VCS) organization enables the business by protecting assets and information across Verizon networks, infrastructure and applications. VCS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.
Verizon Cybersecurity (VCS) is looking for a Senior Penetration Tester to join our Enterprise Pen Test team in Reading and Proactive Security (RPS). You’ll be joining a group of talented, creative thinkers who "act like the threat" to focus on ensuring that our infrastructure and applications (web, mobile, and API) are secure by performing penetration testing from both inside and outside of Verizon. This team isn’t a "copy and paste from a scan tool" reporting team, or a cookie cutter just scanning with tools team, or a team that just monitors and supports security scanning tools used by developers. This team is an Enterprise recognized and supported group of skilled, experienced and certified ethical hackers Verizon employs who are trusted to direct themselves within a lot of unknowns.
The successful candidate will possess an effective aptitude in thinking like an adversary, security of infrastructure, web applications, APIs, and Mobile Applications, mentoring and leading junior pen testers and effectively translating highly technical information to internal customers in a way that supports VCS and broader Verizon goals.
Role responsibilities include:
The ability to lead and perform full scope penetration testing on significantly complex, high risk web applications, Infrastructure, APIs and Mobile applications.
The ability to work on significantly complex and unique issues where analysis of situations or data requires an evaluation of intangibles.
Using conceptual thinking to understand advanced issues and implications, where problems are not clearly defined and may lack strategic direction.
The ability to interpret broad goals with unknown variables and craft, execute plans to achieve these goals with little to no contemporary “clear and transparent” standards.
Configuring and safely utilizing attacker tools, tactics, and procedures for Verizon environments
Developing comprehensive and accurate reports and presentations for both technical and executive audiences.
The ability to make collaborative and independent decisions on the impact of an exposure to Verizon.
Acting as a SME and guide, advising on security vulnerability impact, ratings and remediation recommendations across the organization as needed.
Lead the definition of Pen Test strategy and standards to further enhance the company’s security posture, collaborating with management/exec leadership.
Effectively communicating findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Working closely with stakeholders and developers providing risk-appropriate and pragmatic recommendations to correct found vulnerabilities.
Architecting and leading the design and development of scripts, tools, or methodologies to enhance Verizon’s pen testing processes and effectiveness
Leading and contributing to development of operational objectives and principles to achieve goals independently and through team members.
Driving the strategy and success of large goals and initiatives which contribute to multiple areas of the organization.
Driving technical oversight and mentoring junior pen testers on pen test engagements, vulnerability impact and ratings and remediation recommendations.
Providing leadership and guidance to advance the offensive capabilities of the team and its subsequent ability to defend the Verizon Enterprise
What we’re looking for...
You’ll need to have:
Bachelor’s degree or four or more years of work experience.
Six or more years of relevant work experience.
Six or more years of relevant experience required, demonstrated through one or a combination of work and/or military experience, or specialized training.
Even better if you have one or more of the following:
A degree in engineering, cyber security or computer science.
Three or more years of application development experience.
Knowledge of secure software deployment methodologies, tools, and practices.
Experience with application security risk procedures, security patterns, authentication technologies and security attack pathologies.
Certifications such as: GXPN, GPEN, , eWPT, GCIH, GWAPT, OSCP, OSWA, OSCE, OSWE.
Service Delivery/Governance: ITILv2/3.
Deep understanding of OWASP Top 10, OWASP API Top 10, MASVS.
Strong knowledge of tools used for API, web application, Infrastructure, mobile, and network security testing, such as Kali Linux, Metasploit, Wireshark, Burp suite, Cobalt Strike, Nessus, Web Inspect, SQLMap.
Experience with system and application security threats and vulnerabilities, as well as secure configuration management techniques, software debugging principles, software design tools, methods, and techniques, software development models (e.g., Waterfall Model, Spiral Model).
Experience leading small pen test teams, driving process and strategy.
Experience leading large, cross-functional projects or engagements.
Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors.
An implementation level familiarity with all common classes of modern exploitation.
Experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization).
Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell.
Programming skills preferred and encouraged, as well as the ability to read and assess applications written multiple languages, such as Python, JAVA, .NET, C#, or others
Knowledge of secure coding techniques.
Knowledge of application security, application security vulnerabilities and exploitation techniques.
Some experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization).
Knowledge of secure software deployment methodologies, tools, and practices.
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of security architecture concepts and enterprise architecture reference models.
Knowledge in discerning the protection needs (i.e., security controls) of information systems and networks.
Strong organization skills and demonstrated ability to manage multiple, often conflicting priorities to successful completion.
Be a continuous learner; with a desire to stay current on security trends, tool, technologies and best practices.
If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.
Where you’ll be working
In this hybrid role, you'll have a defined work location that includes work from home and a minimum eight assigned office days per month that will be set by your manager.
Scheduled Weekly Hours
40
Equal Employment Opportunity
We’re proud to be an equal opportunity employer - and celebrate our employees’ differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.
Our benefits are designed to help you move forward in your career, and in areas of your life outside of Verizon. From health and wellness benefits, short term incentives, 401(k) Savings Plan, stock incentive programs, paid time off, parental leave, adoption assistance and tuition assistance, plus other incentives, we’ve got you covered with our award-winning total rewards package. For part-timers, your coverage will vary as you may be eligible for some of these benefits depending on your individual circumstances.
If you are hired into a California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Minnesota, Nevada, New York, Rhode Island, Washington or Washington, D.C. work location, the compensation range for this position is between $129,000.00 and $239,000.00 annually based on a full-time schedule. The salary will vary depending on your location and confirmed job-related skills and experience. This is an incentive based position with the potential to earn more. For part time roles, your compensation will be adjusted to reflect your hours.
When you join Verizon
You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. At Verizon, we power and empower how people live, work and play by connecting them to what brings them joy. We do what we love — driving innovation, creativity, and impact in the world. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together — lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life.
What you’ll be doing...
The Verizon Cyber Security (VCS) organization enables the business by protecting assets and information across Verizon networks, infrastructure and applications. VCS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.
Verizon Cybersecurity (VCS) is looking for a Senior Penetration Tester to join our Enterprise Pen Test team in Reading and Proactive Security (RPS). You’ll be joining a group of talented, creative thinkers who "act like the threat" to focus on ensuring that our infrastructure and applications (web, mobile, and API) are secure by performing penetration testing from both inside and outside of Verizon. This team isn’t a "copy and paste from a scan tool" reporting team, or a cookie cutter just scanning with tools team, or a team that just monitors and supports security scanning tools used by developers. This team is an Enterprise recognized and supported group of skilled, experienced and certified ethical hackers Verizon employs who are trusted to direct themselves within a lot of unknowns.
The successful candidate will possess an effective aptitude in thinking like an adversary, security of infrastructure, web applications, APIs, and Mobile Applications, mentoring and leading junior pen testers and effectively translating highly technical information to internal customers in a way that supports VCS and broader Verizon goals.
Role responsibilities include:
The ability to lead and perform full scope penetration testing on significantly complex, high risk web applications, Infrastructure, APIs and Mobile applications.
The ability to work on significantly complex and unique issues where analysis of situations or data requires an evaluation of intangibles.
Using conceptual thinking to understand advanced issues and implications, where problems are not clearly defined and may lack strategic direction.
The ability to interpret broad goals with unknown variables and craft, execute plans to achieve these goals with little to no contemporary “clear and transparent” standards.
Configuring and safely utilizing attacker tools, tactics, and procedures for Verizon environments
Developing comprehensive and accurate reports and presentations for both technical and executive audiences.
The ability to make collaborative and independent decisions on the impact of an exposure to Verizon.
Acting as a SME and guide, advising on security vulnerability impact, ratings and remediation recommendations across the organization as needed.
Lead the definition of Pen Test strategy and standards to further enhance the company’s security posture, collaborating with management/exec leadership.
Effectively communicating findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Working closely with stakeholders and developers providing risk-appropriate and pragmatic recommendations to correct found vulnerabilities.
Architecting and leading the design and development of scripts, tools, or methodologies to enhance Verizon’s pen testing processes and effectiveness
Leading and contributing to development of operational objectives and principles to achieve goals independently and through team members.
Driving the strategy and success of large goals and initiatives which contribute to multiple areas of the organization.
Driving technical oversight and mentoring junior pen testers on pen test engagements, vulnerability impact and ratings and remediation recommendations.
Providing leadership and guidance to advance the offensive capabilities of the team and its subsequent ability to defend the Verizon Enterprise
What we’re looking for...
You’ll need to have:
Bachelor’s degree or four or more years of work experience.
Six or more years of relevant work experience.
Six or more years of relevant experience required, demonstrated through one or a combination of work and/or military experience, or specialized training.
Even better if you have one or more of the following:
A degree in engineering, cyber security or computer science.
Three or more years of application development experience.
Knowledge of secure software deployment methodologies, tools, and practices.
Experience with application security risk procedures, security patterns, authentication technologies and security attack pathologies.
Certifications such as: GXPN, GPEN, , eWPT, GCIH, GWAPT, OSCP, OSWA, OSCE, OSWE.
Service Delivery/Governance: ITILv2/3.
Deep understanding of OWASP Top 10, OWASP API Top 10, MASVS.
Strong knowledge of tools used for API, web application, Infrastructure, mobile, and network security testing, such as Kali Linux, Metasploit, Wireshark, Burp suite, Cobalt Strike, Nessus, Web Inspect, SQLMap.
Experience with system and application security threats and vulnerabilities, as well as secure configuration management techniques, software debugging principles, software design tools, methods, and techniques, software development models (e.g., Waterfall Model, Spiral Model).
Experience leading small pen test teams, driving process and strategy.
Experience leading large, cross-functional projects or engagements.
Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors.
An implementation level familiarity with all common classes of modern exploitation.
Experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization).
Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell.
Programming skills preferred and encouraged, as well as the ability to read and assess applications written multiple languages, such as Python, JAVA, .NET, C#, or others
Knowledge of secure coding techniques.
Knowledge of application security, application security vulnerabilities and exploitation techniques.
Some experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization).
Knowledge of secure software deployment methodologies, tools, and practices.
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of security architecture concepts and enterprise architecture reference models.
Knowledge in discerning the protection needs (i.e., security controls) of information systems and networks.
Strong organization skills and demonstrated ability to manage multiple, often conflicting priorities to successful completion.
Be a continuous learner; with a desire to stay current on security trends, tool, technologies and best practices.
If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.
Where you’ll be working
In this hybrid role, you'll have a defined work location that includes work from home and a minimum eight assigned office days per month that will be set by your manager.
Scheduled Weekly Hours
40
Equal Employment Opportunity
We’re proud to be an equal opportunity employer - and celebrate our employees’ differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.
Our benefits are designed to help you move forward in your career, and in areas of your life outside of Verizon. From health and wellness benefits, short term incentives, 401(k) Savings Plan, stock incentive programs, paid time off, parental leave, adoption assistance and tuition assistance, plus other incentives, we’ve got you covered with our award-winning total rewards package. For part-timers, your coverage will vary as you may be eligible for some of these benefits depending on your individual circumstances.
If you are hired into a California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Minnesota, Nevada, New York, Rhode Island, Washington or Washington, D.C. work location, the compensation range for this position is between $129,000.00 and $239,000.00 annually based on a full-time schedule. The salary will vary depending on your location and confirmed job-related skills and experience. This is an incentive based position with the potential to earn more. For part time roles, your compensation will be adjusted to reflect your hours.
Company benefits
We need to ask employees of Verizon what it's like to work there before we assign the company FlexScore®.
Working at Verizon
Currently Hiring Countries
Belgium
China
Denmark
France
Germany
Hong Kong
India
Ireland
Italy
Japan
Mexico
Netherlands
Philippines
Singapore
Sweden
Taiwan
United Kingdom
United States
Office Locations