
Information Security Engineer III Penetration Tester

Mass General Brigham (Enterprise Services)
United States, Massachusetts, Somerville
399 Revolution Drive
Mar 13, 2025
The Mass General Brigham (MGB) Digital Team is hiring!
The MGB Information Security Engineer III Penetration Tester will be responsible for participating in planned penetration tests against the various organizations within the MGB environment. This role will apply an 'adversarial mindset' against the infrastructure to assess the security controls deployed. The penetration tester exists as a part of the broader Attack Surface Management Program, and may also participate in attack simulations, threat intelligence gathering, and attack surface analysis efforts. The ideal candidate is a deeply technically minded security professional with prior experience in one or more of the following areas:
*Penetration testing
*Web application security testing
*Breach Attack Simulation
*Application development security
*Security controls validation
Principal Duties and Responsibilities:
*Penetration Testing: Assist in the scoping and execution of penetration tests on MGB networks, systems, and applications. The engineer will be responsible for using automated and hands-on techniques to suitably assess the environment and identify security gaps. Ensure that a clear and concise findings report can be delivered to stakeholders.
*Attack Simulation: Participate in planning and execution of simulated attacks against MGB testing infrastructure to appropriately mimic the kinds of threat actors that target the healthcare sector.
*Attack Surface Analysis: Conduct comprehensive assessments to identify risks within the organization's network, applications, and systems. This includes both internal and external assets.
*Cross-functional Collaboration: Work closely with IT, network, and application teams to ensure a cohesive approach to security. Facilitate communication and collaboration across departments to ensure alignment with security goals.
*Incident Response Support: Support the incident response team by providing insights into potential attack vectors and vulnerabilities that may be exploited during a cyber incident.
*Written Documentation: Create, review, and update documentation related to the information security and information privacy controls.
*Communication: Clear and concise written and verbal communication including long-form documentation, enterprise broadcast communications, and executive presentations; special attention required to translate technical detail into language the intended audience can understand.
*Industry Knowledge: Maintain awareness of new technologies and related opportunities for impact on system or application security.
*MGB Values: Uses the Mass General Brigham values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration.
*Other duties as assigned.

  • Bachelor's degree (B.A. / B.S.) in Information Security, Computer Science, Computer Engineering or equivalent from an accredited college or university required or related experience
  • 5+ years of experience in Information Technology or Information Security required.
  • Broad understanding of where to find and assess tools for penetration testing
  • Broad understanding of networking security and architecture concepts
  • Basic knowledge of tools used in day-to-day processes with ability to learn new tools and skills.
  • Ability to apply defined processes and playbooks to resolve a wide variety of issues.
  • Critical thinking and problem-solving skills sufficient to identify and communicate key issues or understand when escalation support is required.
  • An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
  • Ability to collaborate effectively with team members, providing assistance and support as needed.
  • Knowledge of NIST Cybersecurity Framework (CSF), NIST 800-53, ISO 27K is desirable.
  • Preferred certifications include: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), GIAC Penetration Tester Certification (GPEN), GIAC Experienced Penetration Tester (GX-PT), GIAC Certified Red Team Professional (GRTP), GIAC Security Operations Certified (GSOC), GIAC Security Expert (GSE), etc.
  • Exceptional interpersonal skills to effectively communicate with cross-functional teams.
  • Strong time management and organizational skills required; project management skills are desired.
  • An ability to work under the required guidelines and deliver on business/project requirements.
  • Strong vocabulary, written and verbal communication and effective interpersonal skills are critical.
  • Comfortable working in a dynamic environment with multiple work streams, goals, and objectives.
  • Must know how to use common M365 Office Suite of products.
  • Ability to work independently with appropriate supervision.
  • Ability to successfully negotiate and collaborate with others of different skill sets, backgrounds and levels within and external to the organization.
  • Experience in one or more of the following technologies preferred: endpoint detection and response (EDR), static and dynamic source-code analysis, SIEM, privileged access management (PAM), network technologies, cloud hosting platforms, IoT search engines, OSINT tools, etc.
  • Strong problem solving and critical thinking skills.

Skills for Success



  • M-F Eastern Business Hours required
  • Hybrid onsite Flexible working model required weekly includes onsite in office (number of days weekly can vary, must be flexible for business needs)
  • 1-3 onsite days per week
  • Remote working days require stable, secure, quiet, compliant working station

Physical Requirements

  • Standing Occasionally (3-33%)
  • Walking Occasionally (3-33%)
  • Sitting Constantly (67-100%)
  • Lifting Occasionally (3-33%) 20lbs - 35lbs
  • Vision - Far Constantly (67-100%)
  • Vision - Near Constantly (67-100%)
  • Talking Constantly (67-100%)
  • Hearing Constantly (67-100%)


Mass General Brigham Incorporated is an Equal Opportunity Employer. By embracing diverse skills, perspectives and ideas, we choose to lead. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, national origin, sex, age, gender identity, disability, sexual orientation, military service, genetic information, and/or other status protected under law. We will ensure that all individuals with a disability are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.