
Attack & Penetration Tester

at Nationwide Insurance

Remote

If you’re passionate about innovation and love working in an environment where you can constantly improve and adopt new technologies to drive business results, then Nationwide’s Information Technology team could be the place for you!

This position is focused on Web Application Penetration Testing. The successful candidate will have three to five years of experience in application security testing or development with a strong understanding of web application security vulnerabilities, plus scripting and/or programming experience in Python, PowerShell, C# or Java. Key responsibilities will include:

  • Utilizing the PTES (Penetration Testing Execution Standard) methodology for conducting offensive security testing

  • Conducting internal and external penetration tests to identify and demonstrate weaknesses in web and cloud applications

  • Utilizing white, grey and black box testing approaches

  • Documenting test results and delivering reports and recommendations to management

  • Recommending potential remediation actions

  • Participating in cross-department collaboration efforts to assess security risks and threats

License/Certification/Designation: Preferred certifications may include: Certified Ethical Hacker (CEH), Licensed Penetration Tester (LPT), GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), Certified Information Systems Security Professional (CISSP)

Compensation grade F4

Job Description Summary

If you’re committed to delivering technology solutions to support a company providing outstanding service to its customers, then Nationwide Technology may be the place for you! Our industry-leading technology workforce personifies an agile work environment and a collaborative, inclusive culture to deliver outstanding solutions and results. If that sounds like something you aspire to, we want to hear from you!

As a Specialist, you'll be on the front line, protecting Nationwide's members and data! You will be immersed in incident response, cyber strategy and guidance, defense optimization, and scanning and exploitation. We'll count on you to provide enterprise services in forensic investigation, attack and penetration, vulnerability scanning and response, cyber defense, security intelligence, security operations and infrastructure risk management.

Job Description

Key Responsibilities: 

  • Responds to cyber incidents using industry-recognized methodology, e.g., PICERL (Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned).

  • Creates uplift of cyber security detection and alerts for ongoing prevention of threats.

  • Executes the automation of containment of cyber security events.

  • Supports vulnerability management via tools and processes and proactively identifies vulnerabilities in the environment.

  • Plans and conducts team activities to enrich detection and prevention controls.

  • Identifies critical log sources and system events used for creation and tuning of cyber security detections.

May perform other responsibilities as assigned.

Reporting Relationships: Reports to Manager, Risk Leader or above.

Typical Skills and Experiences: 

Education: Undergraduate studies (bachelor’s degree preferred) in cyber security, management information systems, engineering, math, computer science, data analytics or comparable experience and education strongly preferred. Graduate studies in cyber security, computer science or a related field are a plus.

License/Certification/Designation: Preferred certifications include: Certified Information Systems Security Professional (CISSP), Cisco Certified Network Associate (CCNA), Certified Ethical Hacker (CEH), GIAC Certified Intrusion Handler (GCIH), Digital Forensics Investigation: EnCase® Certified Examiner (EnCE) certification, GIAC Strategic Planning Policy and Leadership (GSTRT), GIAC Security Expert (GSE), Certified Cloud Security Professional (CCSP), AWS Certified Cloud Practitioner, AZ500.

Experience: Three to five years of experience in technology. Experience in working with operating systems, networking, desktop support, application development, end point security, database management or information security. Successful candidates will have experience configuring and using Windows and Linux/Unix operating systems.

Knowledge, Abilities and Skills: Ability to make decisions and recommendations. Aptitude to build partnerships and set priorities. Solid communication skills. Insurance/financial services industry knowledge a plus. 

Other criteria, including leadership skills, competencies and experiences may take precedence. 

Staffing exceptions to the above must be approved by the hiring manager’s leader and HR Business Partner.

Values: Regularly and consistently demonstrates Nationwide Values.

Job Conditions: 

Overtime Eligibility: Not Eligible (Exempt)

Working Conditions: Normal office environment.

ADA: The above statements cover what are generally believed to be principal and essential functions of this job. Specific circumstances may allow or require some people assigned to the job to perform a somewhat different combination of duties. 

Job ID: d890a6e30835e597fc3e75b013a88eb04cbb99586b4d4c48e8c29c01c0dbf5d0
Employment Type: Other