Senior Penetration Tester

Become a part of our caring community and help us put health first

Join a 100% remote, highly specialized offensive security team where collaboration and continuous learning drive our success. We foster a supportive environment focused on collective growth and technical excellence, where every team member contributes to our shared mission. You will have access to Hack The Box Pro Labs, all HTB role-based training paths and certifications, discretionary certification funding, and conference / training budgets. These resources will enable you to continuously advance your expertise while working on industry-leading application security challenges. You will be part of Cyber Threat Simulation (CTS), collaborating with Red Team, Breach and Attack Simulation, and Bug Bounty professionals, highly specialized experts who identify vulnerabilities so the business can address them proactively. Fridays are dedicated to research and development, allowing the team to pursue training in emerging offensive security technologies, tools, large language models (LLMs), artificial intelligence, and other relevant topics.

The Senior Penetration Tester enables secure and compliant business operations by performing application security-focused penetration tests. This role helps maintain PCI-DSS compliance and supports the team's success by :

• Contributing technical expertise during the consulting rotation and occasionally during "lunch & learns.”
• Identifying and documenting novel vulnerabilities in web applications, APIs, thick clients, Cloud, and AI / LLM / ML-powered applications.
• Leading moderate to complex penetration tests with autonomy and making recommendations to leadership based on advanced knowledge and experience.
• Leading closing meetings with business stakeholders such as application owners, security teams, information security offices, and other internal customers.

The position focuses on scoping, planning, executing, documenting, and sharing the findings of penetration tests and providing valuable input that influences the strategy and direction of the penetration testing functional area within the enterprise's offensive security program by collaborating with the Associate Director, Penetration Testing.

Mission & Impact

Conduct comprehensive security assessments to identify vulnerabilities across Humana's technology infrastructure and translate technical findings into actionable business risk recommendations. You will leverage deep offensive security expertise to design and execute penetration tests, develop custom testing methodologies, and manage multiple concurrent security assessments.

Your week involves reviewing new applications for security assessment opportunities, executing advanced penetration testing techniques across web applications and cloud environments, developing detailed remediation guidance, and presenting findings to both technical and executive stakeholders.

Why it matters : Every assessment you complete identifies real-world vulnerabilities before attackers do, helping Development, Infrastructure, and Security teams strengthen our overall defensive capabilities.

You'll do well in this role if you are skilled in advanced exploitation techniques, enjoy translating complex technical vulnerabilities into clear business risk, and prefer delivering evidence-based security recommendations over theoretical discussions.

Key Responsibilities

Security Assessment Delivery : Design and execute comprehensive penetration tests across web applications, network infrastructure, cloud environments, and mobile platforms using industry-standard tools and custom methodologies. Develop targeted test cases for specific technologies and environments not covered by standard approaches. Ensure assessments meet service level agreements, such as completing standard web application assessments within established timeframes, while operating with minimal guidance on complex testing scenarios.

Technical Expertise & Innovation : Maintain proficiency with current testing tools, exploit techniques, and emerging attack vectors with considerable autonomy. Research and integrate new testing methodologies and develop custom tools when commercial solutions are insufficient. Apply advanced technical knowledge to overcome complex security controls and identify sophisticated attack paths.

Stakeholder Communication & Documentation : Draft comprehensive technical reports with clear risk assessments and actionable remediation guidance for technical and executive audiences. Present findings to development teams, infrastructure groups, and business stakeholders. Use independent judgment to prioritize findings based on business impact, exploitability, and organizational risk tolerance.

Strategic Collaboration : Occasionally collaborate with architecture and engineering teams as a consulted stakeholder, and deconflict alerts as requested by incident response and threat hunting teams. Make recommendations regarding security testing approaches based on offensive security expertise and best industry practices.

Continuous Improvement : Propose enhancements to testing methodologies, identify gaps in organizational security controls, and suggest new assessment approaches to address emerging threats. Your technical insights and proactive recommendations will significantly influence CTS testing strategy and organizational security improvements.

Use your skills to make an impact

Minimum Qualifications

Minimum 5 years of experience in penetration testing, ethical hacking, or offensive security operations

Advanced proficiency in scripting languages such as Python, PowerShell, Bash, or Ruby for automation and custom tool development

Excellent communication skills with experience in presenting technical findings to both technical and executive stakeholders

Knowledge of regulatory compliance frameworks, particularly PCI DSS penetration testing requirements and methodologies

Experience with major Cloud Service Providers, including AWS, Azure, and GCP-security testing

Demonstrated ability to work autonomously on complex technical security assessments

Experience with enterprise security testing across network infrastructure, mobile and web applications, and cloud environments

Proficiency with industry-standard tools, including Burp Suite, Metasploit, Nmap, BloodHound, and custom exploitation frameworks

Strong understanding of network protocols, web application architectures, and enterprise security technologies

Relevant industry certifications, including but not limited to : OSCP, OSWE, CPTS, CBBH, or equivalent advanced credentials

Preferred Qualifications

7+ years of experience in any of the following areas :

Advanced penetration testing or red team operations

Application Security-focused research and exploit development

Expertise in Mobile application security testing (iOS / Android)

Experience performing Cloud (AWS, Azure, or GCP), Microsoft Active Directory, and Entra ID-focused security assessments

Published research, blog posts, or speaking engagements at industry conferences such as DEF CON, BSIDES, Black Hat, or regional security conferences

CWEE, OSCE3

Familiarity with AI / ML security testing, including LLM-powered applications, prompt injection attacks, and AI model security assessments

Experience with security automation, CI / CD pipeline security testing, and DevSecOps practices

Travel : While this is a remote position, occasional travel to Humana's offices for training or meetings may be required.

Scheduled Weekly Hours

40

Pay Range

The compensation range below reflects a good faith estimate of starting base pay for full time (40 hours per week) employment at the time of posting. The pay range may be higher or lower based on geographic location and individual pay will vary based on demonstrated job related skills, knowledge, experience, education, certifications, etc.

$117,600 - $161,700 per year

This job is eligible for a bonus incentive plan. This incentive opportunity is based upon company and / or individual performance.

Description of Benefits

Humana, Inc. and its affiliated subsidiaries (collectively, “Humana”) offers competitive benefits that support whole-person well-being. Associate benefits are designed to encourage personal wellness and smart healthcare decisions for you and your family while also knowing your life extends outside of work. Among our benefits, Humana provides medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave), short-term and long-term disability, life insurance and many other opportunities.

Application Deadline : 10-05-2025

About us

Humana Inc. (NYSE : HUM) is committed to putting health first – for our teammates, our customers and our company. Through our Humana insurance services and CenterWell healthcare services, we make it easier for the millions of people we serve to achieve their best health – delivering the care and service they need, when they need it. These efforts are leading to a better quality of life for people with Medicare, Medicaid, families, individuals, military service personnel, and communities at large.

Equal Opportunity Employer

It is the policy of Humana not to discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability or protected veteran status. It is also the policy of Humana to take affirmative action, in compliance with Section 503 of the Rehabilitation Act and VEVRAA, to employ and to advance in employment individuals with disability or protected veteran status, and to base all employment decisions only on valid job requirements. This policy shall apply to all employment actions, including but not limited to recruitment, hiring, upgrading, promotion, transfer, demotion, layoff, recall, termination, rates of pay or other forms of compensation and selection for training, including apprenticeship, at all levels of employment.

Humana complies with all applicable federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, sex, sexual orientation, gender identity or religion. We also provide free language interpreter services. See our