Powering the world’s payments ecosystem ACI powers the payments ecosystem – globally, and you power ACI. You’ll innovate, collaborate, and grow – in an energetic technology culture with decades of proven success. ACIers – in all roles and levels – are truly your colleagues and many are your friends. Our size and reach allow you to see the global impact of your work. You are visible, your talents are valued, and you are empowered to shape the future of payments. Job Summary: Protects the confidentiality and availability of software, systems and information owned, controlled, used and managed by the company.Responsible for performing penetration testing and vulnerability assessments within a team environment. Conducts formal tests on web-based and traditional applications, networks/infrastructure, mobile, source code reviews, threat analysis, wireless network assessments and other technology.Performs the daily operation of the team including vulnerability identification, risk assessments, vulnerability remediation, and validation testing. Will provide actionable recommendations and guidance for the business based on the assessment findings. Job Responsibilities: - Performs internal penetration testing and external red teaming of networks, systems, and applications within agreed scope and rules of engagement. - Runs Web application vulnerability software to detect security issues in web applications. - Analyzes output of web application test scans to determine valid security issues. - Conducts regular meetings with business unit stakeholders to assess remediation efforts from the findings of the pentest. - Gathers security related information across multiple electronic, computer and development environments.Identifies, summarizes, reviews, and reports potential/actual actions that may jeopardize information security environments. - Participates in information security audits to proactively minimize and eliminate information security vulnerabilities. - Uses penetration testing methodologies to validate the remediation of vulnerabilities and misconfiguration issues. - Reviews Application Code reports on vulnerabilities. - Performs extensive internal network reconnaissance with the correlation of data from SIEM, scanning applications, network monitoring devices, host applications, etc. - Performs Web application testing focused on http/https vulnerabilities, TLS, application level like XSS, SQL, cross site scripting. - Perform other duties as assigned - Understand and adhere to all corporate policies to include but not limited to the ACI Code of Business Conduct and Ethics. - Understands and complies with Risk Management program requirements including identification of risks, key controls, and control testing as applicable to their responsibilities. Knowledge, Skills and Experience required for the job: - Bachelor's degree in computer science, MIS, or related field or equivalent experience. - 1-3 years’ experience in information security in various security disciplines. - Certifications: OSCP, CRTO, CRTP, OSEP, GXPN, or similar certifications are a plus. - Solid understanding of OWASP and other software security best practices. - Strong technical ability in both manual and automated approaches to penetration testing. - Knowledge of threat modeling methodologies. - Knowledge of social engineering techniques and methodologies. - Detailed knowledge and experience with exploiting vulnerabilities in a corporate (enterprise) environment. - Experience with assessment tools, such as scanners, administrative utilities, local proxies, debuggers, fuzzers, etc. - Excellent problem solving, planning and interpersonal skills. - Ability to interpret internal and external business challenges and recommend best practices. - Skilled experience with major operating systems, such as Windows, UNIX, Linux OS including administration and security. - Intermediate experience with multiple penetration tools, such as: Burp, OWASP ZAP, NMAP, OpenVAS, OpenSSL, Cobalt Strike, SQLmap, Pupy, Mimikatz, Metasploit, etc. - Intermediate experience with programming languages, shell scripting to automate tasks, such as C++, Perl, and Python or Ruby. - Knowledge of attack method types and their usage in targeted attacks, such as malware, vulnerabilities, application vulnerabilities, lateral movement, etc. - Experience creating reports with detailed penetration test findings, descriptions, reproduction steps, and mitigation recommendations. - Experience in reconnaissance (network & system), weaponization, exploitation, and lateral movement (post exploitation activities), Wi-Fi, malware, packet analysis, reverse engineering. - Ability to prioritize and re-prioritize tasks in a rapidly changing environment. - Strong written and verbal communication skills and a solid understanding of IT Security concepts to include security operations. - Knowledge of network protocols, data flows and vulnerabilities. - Knowledge of PCI and other industry compliance standards. Work Environment: - Standard work environment - Travel required, may be domestic or international Applicants must be currently authorized to work in the United States on a full-time basis. This position does not offer sponsorship for employment visa status or work permit now or in the future. In return for your expertise, we offer opportunities for growth, career development, and a competitive compensation and benefits package—all within an innovative and collaborative work environment. Are you ready to help us transform the payments ecosystem? To learn more about ACI Worldwide, visit our web site at ID (Requisition #19001) ACI Worldwide is an AA/EEO employer in the United States, which includes providing equal opportunity for protected veterans and individuals with disabilities, and an EEO employer globally. Important Notice About Recruitment Scams Job seekers should be aware of ongoing recruitment scams where individuals or organizations impersonate legitimate companies to offer fake job opportunities. These scams often involve requests for personal information, payments, or interviews through unofficial channels. Please be cautious and verify any communications claiming to be from our company ( / @aciworldwide.com). The ACI Worldwide recruitment team will always follow official channels and will never request payment.