Senior Penetration Testing Engineer
DigiCert
Who we are
DigiCert is a global leader in intelligent trust. We protect the digital world by ensuring the security, privacy, and authenticity of every interaction. Our AI-powered DigiCert ONE platform unifies PKI, DNS, and certificate lifecycle management to secure infrastructure, software, devices, messages, AI content and agents. Learn why more than 100,000 organizations, including 90% of the Fortune 500, choose DigiCert to stop today’s threats and prepare for a quantum-safe future at www.digicert.com.
Job summary
We're looking for a Senior Penetration Testing Engineer to conduct comprehensive security assessments and support our digital trust initiatives. You'll perform hands-on penetration testing across our applications, infrastructure, and services while contributing to our organization's security posture and customer trust commitments.
What you will do
- Help establish and mature our penetration testing program, methodologies, and standard operating procedures
- Build relationships with stakeholders across product, engineering, and compliance teams
- Create detailed testing reports and security recommendations
- Support risk assessment activities and security control validation
- Conduct comprehensive penetration tests against web applications, APIs, and mobile applications
- Perform network penetration testing and infrastructure security assessments
- Execute social engineering assessments and physical security evaluations
- Test cloud environments and containerized applications for security vulnerabilities
- Conduct red team exercises and adversarial simulations
- Perform threat modeling and attack surface analysis for critical systems
- Support digital trust initiatives and regulatory compliance requirements through security validation testing
- Contribute to security certifications, audit processes, and customer trust commitments
- Assess third-party integrations and vendor security postures
What you will have
- 5+ years in penetration testing, ethical hacking, or offensive security
- Previous experience with standing up a penetration testing program
- Strong knowledge of web application security testing (OWASP methodology)
- Experience with network penetration testing tools and techniques
- Proficiency with testing frameworks (Metasploit, Burp Suite, Nmap, etc.)
- Understanding of cloud security across AWS, Azure, or GCP platforms
- Knowledge of compliance frameworks (SOC 2, PCI DSS, ISO 27001)
Nice to have
- Security certifications (OSCP, CISSP, CEH, GPEN, GWEB)
- Background in digital trust, privacy, or regulatory compliance
- Red team or adversarial simulation experience
- Scripting and automation skills (Python, PowerShell, Bash)
Benefits
- Generous time off policies
- Top-shelf benefits
- Education, wellness and lifestyle support