Express Scripts Sr. Application Penetration Tester in St. Louis, Missouri

POSITION SUMMARY

This role is responsible for conducting vulnerability assessments, threat modeling, penetration tests, and red team campaigns of ESI’s IT infrastructure and applications. This role will work closely with the Sr. Manager of Attack Simulation to identify, evaluate, and remediate potential weaknesses in ESI’s systems using both manual and automated methods.

ESSENTIAL FUNCTIONS

  • Execute internal and external penetration tests against corporate web applications, APIs, networks, Windows and Unix variants to discover vulnerabilities
  • Execute mobile application penetration tests for both Android and iOS based devices
  • Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation
  • Develop scripts, tools or methodologies to enhance ESI’s penetration testing processes

ESSENTIAL KNOWLEDGE, EXPERIENCE, AND SKILLS:

  • Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.)
  • Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.)
  • Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell)
  • Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C)
  • Basic exploit development and validation skills
  • Strong analytical and problem solving skills with the ability to “think outside the box”
  • Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments
  • Ability to analyze vulnerabilities, appropriately characterize threats, and provide remediation advice
  • Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET)
  • Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec)
  • Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.)
  • Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences

QUALIFICATIONS

  • Bachelor’s degree in computer related field.
  • Five to eight years of relevant working experience; at least 3 years of experience in IT Security.
  • Certification in information security (CISSP, CISM, or equivalent) preferred.
  • Familiarity with external regulations, e.g., DIACAP, HIPAA, Sarbanes-Oxley.Strong understanding of information security principles.
  • Familiarity with domain structures, user authentication, and digital signatures
  • Understanding of data communication networks.
  • Experience with security tools and systems; PC skills including knowledge of Microsoft Office.
  • Excellent organizational skills and ability to communicate with internal/external entities and executives a must.
  • Effective leadership skills.
  • Demonstrated ability to coordinate people and teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities.
  • Customer service-oriented.
  • Ability to work in a flexible environment where requirements and procedures continuously evolve.
  • Ability to multi-task and manage time effectively.

ABOUT THE DEPARTMENT

Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you’re as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.

ABOUT EXPRESS SCRIPTS

Advance your career with the company that makes it easier for people to choose better health.

Express Scripts is a leading healthcare company serving tens of millions of consumers. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes. Join the company that Fortune magazine ranked as one of the "Most Admired Companies" in the pharmacy category. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401(k) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan.

Express Scripts is an equal opportunity employer/disability/veteran