Penetration Testing Engineer- VP in London

We are seeking a Senior Penetration Testing Engineer to join State Street’s Penetration Testing Team, reporting to the Penetration Testing Team Manager. This role sits within the Threat Intelligence and Assurance organization and is a deeply technical engineering position with strong hands‑on expectations.

As a subject‑matter expert in application penetration testing, you will execute detailed assessments, contribute to the design and oversight of network penetration testing with third‑party providers, and build rigorous, repeatable testing approaches that evaluate security controls and real‑world exploitability across complex systems. You will operate in a highly regulated banking environment, ensuring testing outputs are technically sound, evidence‑based, and aligned to risk and audit expectations. Collaboration with engineering and infrastructure teams will be essential to analyze root causes, validate fixes, and drive improvements in secure system design and implementation.

What You Will Be Responsible For

• Design and manage third‑party network penetration tests, including scoping, vendor selection, rules of engagement, quality assurance, and validation of results.
• Lead end‑to‑end application penetration testing across internal and third‑party providers (web, API), including scoping, execution, exploitation, and retesting.
• Perform advanced testing across authentication/authorization, business logic, injection, API abuse, crypto misuse, and access control weaknesses.
• Establish and enforce testing standards for both internal teams and external vendors to ensure consistency, depth, and regulatory defensibility.
• Deliver high‑quality, regulator‑ready reporting with clear exploitability, risk context, and actionable remediation guidance.
• Lead the use of AI/LLM‑enabled testing techniques and conduct assurance testing of enterprise AI/LLM deployments (e.g., prompt injection, model abuse, data exposure risks).
• Partner with engineering and infrastructure teams to validate remediation, reduce recurrence, and strengthen secure development and deployment practices.

What We Value

• Technical depth with ownership, balancing hands‑on expertise with accountability for end‑to‑end outcomes across internal and external testing.
• Strong judgment and vendor oversight, ensuring third‑party testing meets enterprise standards and delivers meaningful assurance.
• Practical, risk‑focused mindset, prioritising real‑world exploitability and business impact.
• Clear, concise communication, producing executive‑ready outputs and actionable technical guidance.
• Collaboration and partnership, working closely with engineering, infrastructure, and risk stakeholders.
• Innovation and adaptability, particularly in applying AI/LLM techniques to offensive security challenges.
• Continuous improvement, enhancing methodologies, playbooks, and testing consistency across internal and third‑party efforts.

Education & Preferred Qualifications

• 5+ years in penetration testing with strong experience across both application and network testing in high‑security/highly regulated environments.
• Experience managing third‑party penetration testing vendors, including quality validation and outcome assurance.
• Deep expertise in application penetration testing (web, APIs, mobile) and solid understanding of enterprise network attack paths.
• Strong knowledge of modern architectures (cloud‑native, microservices, identity platforms, CI/CD pipelines).
• Ability to translate technical findings into actionable, risk‑based remediation guidance and influence stakeholders.
• Nice to have: experience using AI/LLM tools to perform network and application penetration testing and configuration/security reviews.
• Education/Certifications (desired, not mandatory): BS/MS in relevant field; OSCP/OSEP/OSWE, GPEN/GXPN, GWAPT, PNPT, GCPN, or similar.

Additional Requirements

• Hybrid schedule based on location.

Salary Range

$120,000 – $202,500 Annual (range applies to the primary specified location; other locations may differ).

Benefits

Employees are eligible to participate in State Street’s comprehensive benefits program, which includes retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long‑term disability, and other optional additional coverages; paid‑time off including vacation, sick leave, short‑term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance‑based awards; and, eligibility for certain tax‑advantaged savings plans.

Equal Opportunity Employer

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Job Application Disclosure

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.