Principal, Cybersecurity Penetration Tester Join to apply for the Principal, Cybersecurity Penetration Tester role at Fidelity Investments . Job Description The mission of the penetration testing team is to protect Fidelity's assets and our customers’ livelihoods from the threat of exploitation by malicious adversaries. The team proactively identifies vulnerabilities in systems and collaborates with business units to mitigate them. Lead testing efforts on Fidelity's web and mobile applications and supporting systems. Replicate techniques used by malicious attackers to model external threats. Prepare reports and present findings to application owners, developers, and security teams. Analyze test results, develop exploit examples, and draw conclusions. Consult with operational and development teams to address vulnerabilities. Contribute to tool research and development for vulnerability discovery. Collaborate across teams to improve overall security. Stay current on security practices and vulnerabilities. Required Skills and Experience Bachelor's degree or equivalent experience. 5+ years of IT experience. 3+ years of web application penetration testing/ethical hacking. Security certifications such as OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP, or similar. Manual testing experience, including OWASP Top 10. Knowledge of application security mechanisms and vulnerabilities. Experience with tools like nmap, Wireshark, Nessus, Metasploit, Burp Suite, etc. Knowledge of programming/scripting languages (C, Python, Java, etc.). Understanding of Web Services technologies (XML, JSON, SOAP, REST, AJAX). Experience with Java or .NET web frameworks. Strong analytical, problem-solving, communication, and teamwork skills. Team and Culture The Penetration Testing team is part of the Security Assessment group within Enterprise Cybersecurity. We work closely with business units to identify and remediate vulnerabilities, supporting Fidelity's security initiatives. Additional Information Fidelity offers a hybrid work model, combining onsite and remote work. The role is full-time, mid-senior level, in the IT domain, based in Boston, MA. The position is active and accepting applications.

#J-18808-Ljbffr