Job Description
Note: The job is a remote job and is open to candidates in USA. UNFI is looking for an experienced technical Cybersecurity Penetration Tester and Engineer Senior to help us create a resilient food supply chain. The role involves performing threat emulations and identifying cybersecurity issues within the UNFI environment through technical penetration testing across various technologies and systems. Responsibilities β’ Perform technical penetration testing of APIs, web applications, networks, cloud services, databases, directory services, and infrastructure. β 75% β’ Strategic attack simulation by analyzing UNFIβs internal and external attack surface and crafting bespoke penetration strategies. β 10% β’ Writing comprehensive reports outlining identified vulnerabilities, potential exploitation paths. Provide remediation guidance and recommendations from the assessments and support any security questions from network, system, and/or application owners. β 10% β’ Assess UNFIβs software development and cloud infrastructure from a security perspective and help drive internal security standards. β 5% Skills β’ At least 1 industry leading or senior level cybersecurity penetration certification, for example: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester Certification (GPEN), GIAC Web Application Penetration Tester (GWATP), GIAC Cloud Penetration Tester (GCPN) or EC-Council Licensed Penetration Tester (LPT) Master β’ Active GitHub repository account with examples of security tools, scripts, exploits developed OR evidence of past and current artifacts β’ 8+ years of hands-on cybersecurity experience within IT environments β’ 5+ years of experience performing penetration testing and vulnerability assessments β’ Advanced penetration testing skills across both tools and scripting abilities β’ Expertise with the following tools: various C2s, Burp Suite, Nmap, Wireshark, Bloodhound β’ Expertise with cybersecurity scripting in Python, PowerShell, or Go to manipulate vulnerabilities and demonstrate potential exploits β’ Ability to employ OSINT techniques to maximize attack vectors, simulating real-world cyber threats β’ Skills in developing implants and evading common security tools β’ Ability to critically examine an organization and system using knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime groups, and both state and non-state sponsored threat actors β’ Knowledge of web application and cloud infrastructure best practices and understanding of how to exploit misconfigurations and vulnerabilities β’ Knowledge of network access, identity and access management, including public key infrastructure and understanding of how to exploit misconfigurations and vulnerabilities β’ Experience creating rules of engagement, test plans, scripts to aid testing efforts, and technical assessment reports that detail findings and remediation efforts β’ Ability to translate technical findings into actionable insights β’ Ability to mentor junior staff and transfer technical knowledge as well as contribute to the team's knowledge sharing Benefits β’ Paid Time Off β’ Sick Time β’ Paid holidays and parental leave β’ 401K Program β’ Medical, dental, vision, life, and accidental death/dismemberment insurance β’ Short-term and long-term disability insurance program β’ Flexible Spending Account and/or Health Savings Account Company Overview β’ UNFI is North Americaβs Premier Food Wholesaler. It was founded in 1978, and is headquartered in Providence, Rhode Island, USA, with a workforce of 10001+ employees. Its website is Company H1B Sponsorship β’ UNFI has a track record of offering H1B sponsorships, with 2 in 2025, 2 in 2024, 4 in 2023, 4 in 2022. Please note that this does not guarantee sponsorship for this specific role. Apply tot his job