Partner with product and technology stakeholders to drive end‑to‑end penetration testing activities, including collaboration with Security Architects throughout the SDLC to identify and address security issues prior to production deployment
Perform security assessments of internal and external networks, infrastructure, cloud environments, and a wide range of internally developed and commercial products
Apply creative and analytical thinking to bypass security controls, identify vulnerabilities, and develop practical remediation guidance; stay informed on evolving tactics, techniques, and procedures (TTPs), zero‑day vulnerabilities, and mitigation strategies
Develop or modify custom tools and scripts to support new penetration testing needs, automation, and AI‑assisted testing approaches
Document and formally report testing scope, methodology, findings, risk ratings, remediation recommendations, and validation results in a clear and concise manner
Present testing results to technology and business partners, clearly communicating risk, impact, and remediation guidance in an accessible and collaborative way
Lead execution of assigned penetration testing initiatives, including status communication to leadership and coordination with stakeholders
Oversee communication, tracking, and retesting of findings to validate successful closure of previously identified issues
Assist with validation and triage of submissions from the company's Vulnerability Disclosure Program and Bug Bounty programs
What are we looking for?
Requirements
8+ years of experience conducting application, API, and network‑based penetration testing engagements
6+ years of experience troubleshooting tools, manually identifying vulnerabilities in code, and rewriting code to remediate security issues
3+ years of experience leading penetration testing engagements from scoping through reporting and remediation validation
1+ year of experience testing AI, LLM, or Generative AI‑enabled applications
Preferences
Bachelor's degree or equivalent experience in Information Security, Engineering, Computer Science, or a related field
Advanced understanding of OWASP frameworks, MITRE ATT&CK and ATLAS, and secure software development lifecycle (SDLC) practices
At least one industry‑recognized certification, such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
Advanced proficiency in one or more programming or scripting languages,
Additional Information
Where Ambition Meets Innovation
Build a career that matches all your initiative with an impressive dose of innovation. From cutting-edge resources and a collaborative environment to the freedom to make an impact and more, you'll find the ingredients you need at LPL Financial to shape your success while helping clients pursue their financial goals.
At LPL Financial, protecting our clients, advisors, and employees is foundational to everything we do. Offensive Security is a top area of investment within Information Security, and this role offers the opportunity to directly influence the security posture of a large, complex enterprise. If you enjoy hands‑on technical work, collaborating across teams, and creatively testing the limits of modern systems, this is an exciting opportunity to help evolve LPL's offensive security capabilities.
Job Overview
As a member of the Cyber Security team, the Senior Penetration Tester, Offensive Security, is responsible for the scheduling, scoping, and execution of internal penetration testing, with a primary focus on web, mobile, cloud, API, and AI‑enabled applications.
This individual contributor role performs advanced manual penetration testing to validate the security of company resources. The position serves as the primary point of contact for assigned testing initiatives and partners closely with stakeholders across the organization to identify security weaknesses, recommend mitigation strategies, and validate remediation efforts across LPL applications and platforms.
Lplfinancial · Fort Mill