[Remote] Senior Cyber Penetration Tester & Engineer

Note: The job is a remote job and is open to candidates in USA. UNFI is looking for an experienced technical Cybersecurity Penetration Tester and Engineer Senior to help us create a resilient food supply chain. The role involves performing threat emulations and identifying cybersecurity issues within the UNFI environment through technical penetration testing across various technologies and systems. Responsibilities • Perform technical penetration testing of APIs, web applications, networks, cloud services, databases, directory services, and infrastructure. – 75% • Strategic attack simulation by analyzing UNFI’s internal and external attack surface and crafting bespoke penetration strategies. – 10% • Writing comprehensive reports outlining identified vulnerabilities, potential exploitation paths. Provide remediation guidance and recommendations from the assessments and support any security questions from network, system, and/or application owners. – 10% • Assess UNFI’s software development and cloud infrastructure from a security perspective and help drive internal security standards. – 5% Skills • At least 1 industry leading or senior level cybersecurity penetration certification, for example: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester Certification (GPEN), GIAC Web Application Penetration Tester (GWATP), GIAC Cloud Penetration Tester (GCPN) or EC-Council Licensed Penetration Tester (LPT) Master • Active GitHub repository account with examples of security tools, scripts, exploits developed OR evidence of past and current artifacts • 8+ years of hands-on cybersecurity experience within IT environments • 5+ years of experience performing penetration testing and vulnerability assessments • Advanced penetration testing skills across both tools and scripting abilities • Expertise with the following tools: various C2s, Burp Suite, Nmap, Wireshark, Bloodhound • Expertise with cybersecurity scripting in Python, PowerShell, or Go to manipulate vulnerabilities and demonstrate potential exploits • Ability to employ OSINT techniques to maximize attack vectors, simulating real-world cyber threats • Skills in developing implants and evading common security tools • Ability to critically examine an organization and system using knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime groups, and both state and non-state sponsored threat actors • Knowledge of web application and cloud infrastructure best practices and understanding of how to exploit misconfigurations and vulnerabilities • Knowledge of network access, identity and access management, including public key infrastructure and understanding of how to exploit misconfigurations and vulnerabilities • Experience creating rules of engagement, test plans, scripts to aid testing efforts, and technical assessment reports that detail findings and remediation efforts • Ability to translate technical findings into actionable insights • Ability to mentor junior staff and transfer technical knowledge as well as contribute to the team's knowledge sharing Benefits • Paid Time Off • Sick Time • Paid holidays and parental leave • 401K Program • Medical, dental, vision, life, and accidental death/dismemberment insurance • Short-term and long-term disability insurance program • Flexible Spending Account and/or Health Savings Account Company Overview • UNFI is North America’s Premier Food Wholesaler. It was founded in 1978, and is headquartered in Providence, Rhode Island, USA, with a workforce of 10001+ employees. Its website is Company H1B Sponsorship • UNFI has a track record of offering H1B sponsorships, with 2 in 2025, 2 in 2024, 4 in 2023, 4 in 2022. Please note that this does not guarantee sponsorship for this specific role. Apply tot his job