About us:
Target is an iconic brand, a Fortune 50 company and one of America’s leading retailers.
Target as a tech company? Absolutely. We’re the behind-the-scenes powerhouse that fuels Target’s passion and commitment to cutting-edge innovation. We anchor every facet of one of the world’s best-loved retailers with a strong technology framework that relies on the latest tools and technologies - and the brightest people - to deliver incredible value to guests online and in stores. Target Technology Services is on a mission to offer the systems, tools and support that guests and team members need and deserve. Our high-performing teams balance independence with collaboration, and we pride ourselves on being versatile, agile and creative. We drive industry-leading technologies in support of every angle of the business, and help ensure that Target operates smoothly, securely and reliably from the inside out.
As a VAPT role on the Security Testing Services team, you help our team mission of protecting Target’s guests by leveraging deep context of our environment, strong partnerships, and relentless curiosity as we drive industry-leading pentesting and DAST at scale. Our team values are collaboration, respect, being highly adaptive, and purposeful with our work. Our team of in-house penetration testers are conducting a variety of tests but are mainly focused on large comprehensive evaluation of our key Target business functions and processes along with PCI required testing. You’ll be in direct contact with teams in a variety of business portfolios, giving you first-hand knowledge of how Target operates.
Use your skills, experience and talents to be a part of groundbreaking thinking and visionary goals. As a Sr. Engineer, you’ll take the lead as you:
- Perform penetration testing against our Target-developed applications, and our scoped PCI assets
- Manage the entire lifecycle of penetration testing from discovery, triage, testing, and validation of findings
- Identify and report security vulnerabilities in web applications, APIs, networks, and enterprise systems
- Provide clear, well-written assessments and findings with clearly defined business impact
- Consult with Target Tech and Security partner teams to explain findings, address security concerns, and provide guidance
- Support mentorship and knowledge sharing within the team
- Engage in threat model activities and provide domain expertise to best support identifying threats
- Provide technical oversight and coach others to resolve complex technical issues
- Own and manage the DAST program lifecycle across all in-scope applications
- Define and maintain DAST coverage strategy (web, APIs, authenticated scans)
- Ensure high scan success rates and meaningful coverage
- Continuously improve scan configurations, policies, and templates
- Triage and validate findings to reduce false positives
- Tune tools and rules to improve signal-to-noise ratio
- Establish standard severity classification and risk scoring
- Partner with vendors/tools teams for optimization
Core responsibilities of this job are described within this job description. Job duties may change at any time due to business needs.
About you:
- 4-year degree or equivalent experience
- 5+ years of penetration testing experience
- Demonstrates strong domain-specific knowledge regarding penetration testing and web application security testing
- Advanced knowledge of Burp Suite and other security tools (nmap, nuclei, etc)
- Ability to work independently and collaborate with teams effectively
- Strong time management and ability to meet deadlines
- Ability to prioritize impactful findings
- Experience working with Mac, Windows, and Linux
- Builds strong commitment within the team to support the appropriate team priorities
- Strong verbal and written communication skills - clearly communicates security concepts to leadership and partners within product team
- Demonstrates a solid understanding of the impact of own work on the team and/or guests
- Ability to automate and script tasks using preferred language (GoLang, Python, etc)
- Strong problem-solving and critical-thinking skills
- Passionate about mentorship and knowledge-sharing
- Stays current with new and evolving technologies via formal training and self-directed education