University of California
Penetration Tester
University of California, San Francisco, California, 94199
Penetration Tester PPH-Domestic-Core-IZ Full Time 82263BR Job Summary We are seeking an experienced Penetration Tester specializing in web application testing. The incumbent will be responsible for conducting comprehensive assessments of our web applications to identify vulnerabilities and improve security. This position supports the California Immunization System and involves work implementing and maintaining measures to safeguard the system from unauthorized access, data breaches, and cyber threats. This position will: Conduct penetration testing on web applications to identify vulnerabilities that could be exploited by adversaries. Perform white-box, gray-box, and black-box testing of enterprise applications and assets, and provide actionable reports to technical teams and stakeholders. Collaborate with the Information Security Office (ISO) and system owners to define the rules of engagement (ROE) for penetration testing in production environments. Conduct pretest analysis based on full knowledge of the target system and pretest identification of potential vulnerabilities based on pretest analysis. Test to determine the exploitability of identified vulnerabilities. Document the results of the penetration testing, including what vulnerabilities were detected and exploited and how to remediate them. Conduct follow-up penetration testing to confirm that vulnerabilities found in the original test were remediated successfully The position will be working with the Information Security Engineering and System Engineering Domains. The final salary and offer components are subject to additional approvals based on UC policy. Your placement within the salary range is dependent on a number of factors including your work experience and internal equity within this position classification at UCSF. For positions that are represented by a labor union, placement within the salary range will be guided by the rules in the collective bargaining agreement. The salary range for this position is $103,800 - $156,000 (Annual Rate). To learn more about the benefits of working at UCSF, including total compensation, please visit: https://ucnet.universityofcalifornia.edu/compensation-and-benefits/index.html Department Description UCSF Institute for Global Health Sciences (IGHS) is dedicated to improving health and reducing the burden of disease in the world's most vulnerable populations. It integrates UCSF expertise in all of the health, social, and biological sciences, and focuses that expertise on pressing issues in global health. IGHS works with partners in countries throughout the world to achieve these aims. IGHS seeks to improve health worldwide, especially in developing countries, through research that informs policy. IGHS is committed to ensuring a diverse, equitable and inclusive work environment as we work towards becoming an anti-racist organization. We strongly encourage applicants from diverse backgrounds. Please see our statement on anti-racism here: https://globalhealthsciences.ucsf.edu/about-us/diversity-equity-and-inclusion/statement-structural-racism . The California Department of Public Health is dedicated to optimizing the health and well-being of the people in California.Immunizations are one of public health's greatest achievements. Vaccines help prevent diseases and help keep Californians of all ages healthy. The Immunization program provides leadership and support to public and private sector efforts to protect the population against vaccine-preventable diseases. Required Qualifications Bachelor's degree in related area and / or equivalent experience / training Minimum 3 years experience in Penetration Testing Experience using IT security systems and tools. Knowledge of data encryption techniques. Demonstrable skills and experience that include technical expertise in network, operating system, and/or application-level security Knowledge of and experience with current adversarial tactics, techniques, procedures, and tools Familiarity with NIST SP800-53 Revision 5 and other relevant security and privacy controls Excellent communication skills to effectively report findings and recommendations Basic skill at reading and interpreting security logs Ability to follow department processes and procedures Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization Knowledge of other areas of IT, department processes and procedures Demonstrated skills applying security controls to computer software and hardware Knowledge of computer hardware, software and network security issues and approaches Preferred Qualifications GIAC Web Application Penetration Tester (GWAPT) GIAC Certified Penetration Tester (GPEN) PenTest Experience with Burp Suite and Metasploit Offensive Security Certified Professional (OSCP) Certified Expert Penetration Tester (CEPT) About UCSF The University of California, San Francisco (UCSF) is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It is the only campus in the 10-campus UC system dedicated exclusively to the health sciences. We bring together the world's leading experts in nearly every area of health. We are home to five Nobel laureates who have advanced the understanding of cancer, neurodegenerative diseases, aging and stem cells. Pride Values UCSF is a diverse community made of people with many skills and talents. We seek candidates whose work experience or community service has prepared them to contribute to our commitment to professionalism, respect, integrity, diversity and excellence - also known as our PRIDE values. In addition to our PRIDE values, UCSF is committed to equity - both in how we deliver care as well as our workforce. We are committed to building a broadly diverse community, nurturing a culture that is welcoming and supportive, and engaging diverse ideas for the provision of culturally competent education, discovery, and patient care. Additional information about UCSF is available at diversity.ucsf.edu Join us to find a rewarding career contributing to improving healthcare worldwide. Equal Employment Opportunity The University of California San Francisco is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information. Organization Campus Job Code and Payroll Title 007338 IT SCRTY ANL 3 Job Category Clinical Systems / IT Professionals Bargaining Unit 99 - Policy-Covered (No Bargaining Unit) Employee Class Contract Percentage 100% Appointment End Date 30-Jun-2025 Location Richmond, CA Campus Various Work Sites Work Style Hybrid Shift Days Shift Length 8 Hours