Company: Dollar General
Location: Goodlettsville, TN
Career Level: Associate
Industries: Retail, Wholesale, Apparel

Description

Company Overview:

Responsible for conducting offensive information security operations in order to emulate adversary tactics and procedures to test preventative, detective and response controls across the organization. This includes applying an appropriate security risk rating based on compensating controls and other identified factors from conducted operations, while influencing stakeholders on security best practices to drive technology and risk decisions and working collectively as part of a team to create consistent approaches to offensive security processes and techniques.

Job Details:

Duties & Responsibilities:

  • Conduct highly complex offensive security testing operations consistent with known adversary tactics, techniques, and procedures and contribute to the development of risk remediation objectives and approaches.
  • Document security issues and impacts identified through offensive operations in a clear and concise, audience-appropriate manner to facilitate effective reporting to impacted stakeholders.
  • Provide guidance and recommendations to stakeholders responsible for security remediation actions to enable closure of identified gaps, and conduct timely remediation validation testing.

 

Knowledge, Skills and Abilities (KSAs): 

  • Very strong, effective written, oral and interpersonal communication skills. Able to communicate technical and non-technical issues across multiple levels. Able to build effective relationships and spheres of influence to negotiate effective and timely risk remediation actions.
  • Strong experience in security hardening best practices (e.g. Active Directory, applications, network infrastructure, operating systems, etc.)
  • Strong understanding of offensive security, with the ability to think like an adversary to identify and exploit security gaps/vulnerabilities on applications, endpoint devices, networks, and cloud environments.
  • Strong investigative mindset with an attention to detail
  • Experience coordinating and conducting penetration testing against third party solutions.
  • Experience conducting purple teaming events to mature offensive and defensive operations.
  • Able to maintain ongoing awareness of emerging threats, trends, and techniques used by threat actors in an evolving risk climate.
  • Ability to learn and retain new skills to adapt to evolving business, technical, risk, and security needs.
  • Ability to work occasionally during non-standard shifts, in an on-call capacity, and able to travel as needed (up to 5%).

 

Qualifications:

Work Experience &/or Education:

  • College degree in information security or related field or equivalent experience with 5+ years of recent information security experience and a minimum of 3+ years current/recent penetration testing experience required.
  • Active CEH, GPEN, GWAPT certification preferred.
  • 5-7 years hands-on penetration testing experience using a variety of automated and manual testing methods, commercial and non-commercial tools, best-practice frameworks (e.g., MITRE ATT&CK Framework), etc.
  • 3-5 years in conducting effective simulated phishing awareness campaigns, tests, and remediation training.
  • 1-3 years of experience with host operating systems, networking principles, web application firewalls, and associated security controls; network/system vulnerability scanning tools; security information and event management (SIEM); privileged user management (PUM).

 

