Sr. Cyber Security Penetration Tester

Full Time
Pleasanton, CA
Areas of Interest: Vulnerability Assessment and Management

Health is our business. And our mission.
We believe in our power to make a difference. 
We’re looking for big ideas—ideas that can embrace multiple petabytes of vital information. That’s how much data we manage and store at Kaiser Permanente. We’re home to some other big ideas, like creating KP HealthConnect®, the nation’s largest electronic medical record system, using social media and text messaging to help members engage in their own care, and developing predictive modeling tools that anticipate health issues before they’re an issue.  
This role provides recommendations to management and business stakeholders on how to integrate requirements with current systems and business processes across regions or domains. This includes supporting the evolution of applications, systems, and/or processes to a desired future state and documenting comprehensive business cases to assess the costs, benefits, ROI, and Total Cost of Ownership (TCO) of proposed solutions.
Essential Responsibilities:
  • Completes work assignments and supports business-specific projects by applying expertise in subject area; supporting the development of work plans to meet business priorities and deadlines; ensuring team follows all procedures and policies; coordinating and assigning resources to accomplish priorities and deadlines; collaborating cross-functionally to make effective business decisions; solving complex problems; escalating high priority issues or risks, as appropriate; and recognizing and capitalizing on improvement opportunities.
  • Practices self-development and promotes learning in others by proactively providing information, resources, advice, and expertise with coworkers and customers; building relationships with cross-functional stakeholders; influencing others through technical explanations and examples; adapting to competing demands and new responsibilities; listening and responding to, seeking, and addressing performance feedback; providing feedback to others and managers; creating and executing plans to capitalize on strengths and develop weaknesses; supporting team collaboration; and adapting to and learning from change, difficulties, and feedback.
  • Effectively communicates investigative findings to non-technical audiences.
  • Collaborates with technology risk teams and business stakeholders to respond to and remediate identified issues, and determine the best approach for improving security posture.
  • Provides recommendations to management and business stakeholders on how to remediate issues identified through security testing processes.
  • Identifies the impact of security test plans on upstream and downstream solution components.
  • Supports information sharing and integration procedures across cyber security through the exchange of threat intelligence and cyber security vulnerability assessment data.
  • Contributes to cyber security intellectual capital by making process or procedure improvements, conducting 'brown bag' training sessions, and creating new training documents.
  • Follows established processes to ensure KPI goals are obtained and performance metrics are tracked on an ongoing basis.
  • Recommends business line or business technology team security process improvements which align with sustainable best practices, and the strategic and tactical goals of the business.
  • Supports continuous process improvement by participating in the development, implementation, and maintenance of standardized security tools, templates, and processes across multiple business domains.
  • Performs complex security test data analysis in support of security vulnerability assessment processes, including root cause analysis.
  • Serves as an escalation point on issues, dependencies, and risks related to security testing.
  • Executes the vulnerability assessment and penetration testing plan, methodologies, and standard processes for moderately to highly complex technology initiatives across multiple IT domains by analyzing business and technology requirements.
  • Researches and stays abreast of industry trends, emerging threats, best practices, and cutting edge techniques to creatively discover and exploit vulnerabilities, and recommend security solutions for technology systems.
  • Provides insight and consultation on the development of testing scope and approach, and collaborates with cross-functional IT and business stakeholders to review the overall testing approach.
  • Validates security test scenarios across various SDLC phases (e.g., development, reproduction, production) for low- to moderately-complex projects.
  • Generates scheduled reports (e.g., status updates, risk assessment reports, remediation reports) and provides regular security metrics to IT teams and management as appropriate.
Minimum Qualifications:
  • Bachelor's degree in Business Administration, Computer Science, Social Science, Mathematics, or related field and a minimum of six (6) years of experience in IT or a related field, including a minimum of two (2) years in information security, network engineering, or application development. Additional equivalent work experience may be substituted for the degree requirement.

Preferred Qualifications:
  • Two (2) years experience performing vulnerability assessments of IT technologies.
  • Two (2) years experience in Windows/Intel administration or Microsoft Certified Systems Administrator (MCSA).
  • Two (2) years experience in UNIX/Linux administration.
  • Two (2) years experience in security penetration testing or related security research.


Primary Location: California-Pleasanton-Pleasanton Tech Cntr Building E 5820 Owens Dr. 

Alternative Work Locations: Georgia-Atlanta-Pershing Point Plaza IT 1375 Peachtree St. NE, Oregon-Hillsboro-Amberglen KPIT Administration 2430 NW 206th Ave., Colorado-Greenwood Village-Greenwood Plaza IT 6560 Greenwood Plaza Blvd., Maryland-Silver Spring-Technical Services Center 2221 Broadbirch Dr., California-Pasadena-West Annex - Parsons 74 N. Pasadena Ave., California-Oakland-2101 Webster 2101 Webster St.
Scheduled Hours (1-40): 40
Shift: Day
Working Days: M-F
Working Hours Start: 8AM
Working Hours End: 5PM

Schedule: Full-time 
Job Type: Standard 
Employee Status: Regular
Employee Group (Union Affiliation): Salaried, Non-Union, Exempt
Job Level: Individual Contributor
Job: IS Consulting
Public Department Name: Technology Risk Office
Travel: Yes, 10 % of the Time
Job Eligible for Benefits: Yes

External hires must pass a background check/drug screen. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with Federal, state and local laws, including but not limited to the San Francisco Fair Chance Ordinance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran, or disability status.


Kaiser Permanente

Kaiser Permanente is committed to helping shape the future of health care. We are recognized as one of America's leading health care providers and not-for-profit health plans.

Founded in 1945, our mission is to provide high-quality, affordable health care services and to improve the health of our members and the communities we serve. We serve 10.6 million members in eight states and the District of Columbia. Care for members and patients is focused on their total health and guided by their personal physicians, specialists and team of caregivers. Our expert and caring medical teams are empowered and supported by industry-leading technology advances and tools for health promotion, disease prevention, state-of-the-art care delivery and world-class chronic disease management.

Kaiser Permanente is dedicated to care innovations, clinical research, health education and the support of community health.
Company Industry: Hospital & Health Care
Company Type: Non Profit
Company Size: 10,001+