Staff Penetration Tester

Bread Financial

Bengaluru, Karnataka, IN Full-time
Posted on: February 27, 2026
Every career journey is personal. That's why we empower you with the tools and support to create your own success story. Be challenged. Be heard. Be valued. Be you ... be here.

Job Summary

This hybrid role leads complex penetration testing and offensive security operations across enterprise infrastructure, applications, and cloud platforms. Reporting to the Sr. Manager of Information Security, the Penetration Tester applies advanced threat modeling, exploitation techniques and tool expertise to uncover systemic weaknesses and evaluate organizational resilience. The role provides strategic guidance to technical and business stakeholders, drives remediation effectiveness, and contributes to red team simulations that test detection and response maturity. Success requires deep technical expertise, independent decision-making, and the ability to communicate complex attack paths and risks clearly across teams to strengthen Bread Financial's security posture.

Essential Job Functions

• Lead complex penetration tests on enterprise infrastructure, applications, and networks. This includes identifying vulnerabilities, exploiting weaknesses, and validating security controls. Assessments should mimic real-world attack scenarios to uncover gaps before adversaries do. - (15%)
• Oversee manual and automated security testing of web apps and APIs, identifying flaws such as SQL injection, XSS, CSRF, SSRF, and authentication bypass. Validate results against OWASP standards and guide teams in addressing critical application risks. - (15%)
• Simulate Active Directory Attacks: Conduct advanced AD exploitation techniques including Kerberoasting, Pass-the-Hash, and Golden Ticket attacks to evaluate identity and access management controls. Use tools such as BloodHound for privilege escalation mapping. - (15%)
• Design and execute red team operations simulating APT-level tactics. Use stealth, evasion, and lateral movement to assess detection and response maturity, providing actionable insights to enhance defensive capabilities and incident readiness. - (10%)
• Conduct Threat Modeling: Analyze attacker tactics, techniques, and procedures (TTPs) to anticipate potential attack paths. Apply this mindset to strengthen defenses, guide improvements and inform security architecture decisions. - (10%)
• Stay Current with Emerging Threats: Continuously research new vulnerabilities, attack techniques, and security technologies. Participate in training, certifications, and industry forums to maintain cutting-edge expertise. - (10%)
• Produce detailed penetration testing reports with proof-of-exploit, risk ratings, and remediation guidance. Document findings with risk ratings, impact analysis, and remediation steps. Deliver reports and briefings tailored for both technical and non-technical stakeholders to ensure clarity and alignment. - (10%)
• Partner with blue teams, developers, architects, and leadership to drive remediation and uplift security posture. Provide expert guidance on exploitation risks and promote a collaborative, resilient security culture across the organization. - (5%)
• Create scripts and tools in Python, PowerShell, and Bash to automate reconnaissance, exploitation, and reporting tasks. Enhance capabilities to support evolving offensive strategies and testing requirements to meet organizational needs. - (5%)
• Identify, prioritize, and validate vulnerabilities across systems, applications, and cloud environments. Provide actionable remediation guidance aligned with industry standards such as NIST and MITRE ATT&CK. - (5%)

Minimum Qualifications

• Bachelor’s degree in information technology or information security or related field of study.
• At least one (1) of the following: GPEN, GCPN, GWAPT, ECSA, OSCP, LPT Master, GRTP, or CRTE
• 8+ years of experience in Information Security.

Preferred Qualifications

• Master’s Degree in Information Security or related field of study or equivalent, relevant work experience
• A skill-focused professional with a hacker mindset (ethical and responsible).
• Someone who thrives on problem-solving and enjoys uncovering hidden vulnerabilities.
• A great communicator who can bridge technical insights with business needs.

Skills

• Reconnaissance
• Data Exploitation
• Web Application Testing
• Active Directory (AD)
• Scripting
• Automation
• Report Writing
• Red Teaming

Reports To: Senior Manager and above

Direct Reports: 0

Work Environment

• Normal office environment, hybrid.

Physical and Mental Requirements

To perform this job successfully, an individual must be able to perform each essential job function satisfactorily and meet the physical, mental and work environment requirements. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential job functions, absent undue hardship.

• Communicate/Hearing
• Communicate/Talking
• Stationary Position/Seated
• Typing/Writing
• Focus and complete tasks in situations that have a speed or productivity metric
• Maintain focus in high pressure or fast-paced work environment

Other Duties

This job description is illustrative of the types of duties typically performed by this job. It is not intended to be an exhaustive listing of each and every essential function of the job. Because job content may change from time to time, the Company reserves the right to add and/or delete essential functions from this job at any time.

About Bread Financial®

At Bread Financial, you’ll have the opportunity to grow your career, give back to your community, and be part of our award-winning culture. We’ve been consistently recognized as a best place to work nationally and in many markets and we’re proud to promote an environment where you feel appreciated, accepted, valued, and fulfilled—both personally and professionally. Bread Financial supports the overall wellness of our associates with a diverse suite of benefits and offers boundless opportunities for career development and non-traditional career progression.

Bread Financial® (NYSE: BFH) is a tech-forward financial services company that provides simple, personalized payment, lending and saving solutions to millions of U.S. consumers. Our payment solutions, including Bread Financial general purpose credit cards and savings products, empower our customers and their passions for a better life. Additionally, we deliver growth for some of the most recognized brands in travel & entertainment, health & beauty, jewelry and specialty apparel through our private label and co-brand credit cards and pay-over-time products providing choice and value to our shared customers. Bread Financial proudly marks 30 years of success in 2026. To learn more about our global associates, our performance and our sustainability progress, visit breadfinancial.com or follow us on Instagram and LinkedIn.

• All job offers are contingent upon successful completion of credit and background checks.
• Bread Financial is an Equal Opportunity Employer.

Job Family: Information Technology

Job Type: Regular

About Company

Bread Financial

Karnataka, IN

https://www.breadfinancial.com
