Principal, Cybersecurity Penetration Tester
Company: Fidelity Investments
Location: Merrimack
Posted on: July 6, 2025
Job Description:
The mission of the penetration testing team is to protect Fidelity's assets
and our customers' livelihoods from the threat of exploitation by malicious
adversaries. The team does this by proactively identifying vulnerabilities in
our systems and serving as subject matter experts who enable the business
units to mitigate them in a positive, collaborative, innovative manner.

In this role you will:
- Lead testing efforts on Fidelity's web and mobile applications and
  supporting systems.
- Replicate the actual techniques and tools used by malicious attackers in
  order to model potential external threats.
- Upon completion of an assessment, prepare reports and present the results
  to application owners, developers, and business unit information security
  teams.
- Analyze test results, draw conclusions from them, and develop targeted
  exploit examples.
- Consult with operations and software development teams to ensure potential
  weaknesses are addressed.
- Contribute to the research or development of tools that assist in the
  vulnerability discovery process.
- Collaborate with other teams within Enterprise Cybersecurity to improve the
  overall security of Fidelity's applications and infrastructure.
- Stay current on security best practices and vulnerabilities.

The Expertise You Have and The Skills You Bring:
- Bachelor's degree or equivalent experience
- 5 years of IT experience
- Preferred: 3 years of hands-on web application penetration testing /
  ethical hacking experience
- Preferred: OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP or other industry
  security certifications
- Ability to demonstrate manual testing experience covering all of the OWASP
  Top 10
- Intermediate knowledge of application security mechanisms such as
  authentication and authorization techniques, data validation, and the
  proper use of encryption
- Technical knowledge of, and the ability to recognize, various types of
  application security vulnerabilities
- Demonstrated experience with common penetration testing and vulnerability
  assessment tools such as nmap, Wireshark, Nessus, NeXpose, BackTrack,
  Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix,
  Arachni, w3af, NTOSpider
- Intermediate knowledge of a programming or scripting language such as C,
  C#, Python, Objective-C, Java, JavaScript, SQL
- Intermediate knowledge of web services technologies and frameworks such as
  XML, JSON, SOAP, REST, AJAX, and J2EE
- Experience with Enterprise Java or .NET web application frameworks,
  including Struts and Spring
- Proven analytical and problem-solving skills, as well as the desire to
  assist others in solving issues
- Excellent interpersonal skills with a strong interest in the application
  security domain
- Excellent communication and presentation skills and a proven ability to
  communicate threats and facilitate progress towards long-term remediation
- Highly motivated, with the willingness to take ownership of and
  responsibility for their work, and the ability to work alone or as part of
  a team

The Team:
The Penetration Testing team forms part of the Security Assessment group
within Enterprise Cybersecurity (ECS). The goal of the Security Assessment
group is to proactively identify and remediate vulnerabilities in Fidelity's
applications and infrastructure. We work very closely with all of the key
Business Units to ensure that they remain secure while they deliver key
projects to advance the firm.

Category: Information Technology

Fidelity's hybrid working model blends the best of both onsite and offsite
work experiences. Working onsite is important for our business strategy and
our culture. We also value the benefits that working offsite offers
associates. Most hybrid roles require associates to work onsite every other
week (all business days, M-F) in a Fidelity office.

Please be advised that Fidelity's business is governed by the provisions of
the Securities Exchange Act of 1934, the Investment Advisers Act of 1940, the
Investment Company Act of 1940, ERISA, numerous state laws governing
securities, investment and retirement-related financial activities, and the
rules and regulations of numerous self-regulatory organizations, including
FINRA, among others. Those laws and regulations may restrict Fidelity from
hiring and/or associating with individuals with certain criminal histories.