AVP, Penetration Tester
Job Description
The AVP, Penetration Tester role at LPL Financial is responsible for planning, scoping, and conducting internal penetration testing across web, mobile, cloud, API, and AI-enabled applications, collaborating with stakeholders to identify and remediate security weaknesses before deployment.
Responsibilities
- Collaborate with product and technology stakeholders to steer end-to-end penetration testing activities, working with Security Architects across the SDLC to identify and remediate security issues prior to production deployment
- Execute targeted testing of web, mobile, and API applications against OWASP Top 10 threats and evolving risks, partnering with Application Security teams to deliver actionable feedback and expand automated and AI-assisted testing capabilities
- Assess security of internal and external networks, infrastructure, cloud environments, and a broad range of internally developed and commercial products
- Apply analytical and creative methods to bypass security controls, uncover vulnerabilities, and provide practical remediation guidance; stay current on TTPs, zero-day vulnerabilities, and mitigation strategies
- Develop or modify custom tools and scripts to support new penetration testing needs, automation, and AI-assisted testing approaches
- Document testing scope, methodology, findings, risk ratings, remediation recommendations, and validation results clearly and concisely
- Present testing results to technology and business partners, communicating risk, impact, and remediation guidance in an accessible, collaborative manner
- Lead the execution of assigned penetration testing initiatives, including status updates to leadership and coordination with stakeholders
- Oversee communication, tracking, and retesting of findings to verify closure of identified issues
- Assist with validation and triage of submissions from the Vulnerability Disclosure Program and Bug Bounty programs
Requirements
- 8+ years of experience conducting application, API, and network based penetration testing engagements
- 6+ years of experience troubleshooting tools, manually identifying vulnerabilities in code, and rewriting code to remediate security issues
- 3+ years of experience leading penetration testing engagements from scoping through reporting and remediation validation
- 1+ year of experience testing AI, LLM, or Generative AI enabled applications
- 1+ year of experience using AI models to accelerate tool development or testing workflows
- Advanced knowledge of security assessment tools and frameworks, including Burp Suite, Kali Linux, Nessus, Acunetix, Metasploit, AutoSploit, Cobalt Strike, MITRE ATT&CK, MITRE ATLAS, and OWASP Top 10 (including OWASP Top 10 for LLMs)
- Bachelor’s degree or equivalent experience
Technologies
Core tools and platforms used in this role include:
- Burp Suite
- Kali Linux
- Nessus
- Acunetix
- Metasploit
- AutoSploit
- Cobalt Strike
- MITRE ATT&CK
- MITRE ATLAS
- OWASP Top 10
- Claude
- AWS
- Azure
- Linux
- macOS
- Windows
- Containers
- Kubernetes
- Microservices
- Serverless functions
- .NET
- JavaScript
- Python
- Java
- PowerShell
- Perl
- Ruby
- Bash
Benefits
- 401K matching
- Health benefits
- Employee stock options
- Paid time off
- Volunteer time off
Compensation
Annual base pay range: $122,570 to $204,249 per year
Location
Fort Mill, SC on site
Similar Jobs
J
J