Job Description
The Information Security team at Pennymac is seeking a skilled Penetration Tester to proactively identify and mitigate security risks across our digital landscape. You'll leverage your expertise to conduct in-depth penetration tests on web applications and AWS infrastructure, uncovering vulnerabilities and weaknesses. You'll also play a key role in driving the remediation process, collaborating and educating teams to ensure timely and effective resolution of identified security issues.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
• Minimum 5 years of experience in penetration testing or cybersecurity testing.
• Deep expertise in web application penetration testing.
• Strong understanding of cloud infrastructure, especially AWS architecture and best practices.
• Familiarity with tactics, techniques, and methodologies used in security testing.
• Adherence to security principles and ethics.
• Ability to go beyond automated scans:
○ Use tools to support manual vulnerability discovery.
§ Vulnerabilities such as:
□ OWASP Top 10
□ SQL injection
□ API vulnerabilities
○ Identify issues before exposure to the internet or attackers.
• Tool proficiency:
○ Burp Suite, Nmap, Metasploit, Nuclei.
• Knowledge of SAST, DAST, SCA, and Secrets scanning.
• Experience with security reviews as part of the pen testing process.
• Familiarity with platforms like SonarQube, SciCode, Salas for security assessments.
Nice to Have Skills & Experience
• Industry experience in financial services, government, or education is a plus.
• Certifications: OSCP, SCSP, CH, Security+ (especially when backed by hands-on experience).
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.