Rodeo
ResourcesPartnersSign in

State Street

Penetration Testing Engineer- VP

London
$120k – $202.5k/yr
Posted 15 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Senior Penetration Testing Engineer State Street

About the Role

We are seeking a Senior Penetration Testing Engineer to join State Street’s Penetration Testing Team, reporting to the Penetration Testing Team Manager. This highly technical engineering position sits within the Threat Intelligence and Assurance organisation and demands a hands-on, subject-matter-expert mindset.

You will serve as a key expert in application penetration testing, designing and overseeing complex security assessments, both in-house and across third-party vendor partnerships. The focus is on establishing rigorous, repeatable testing methodologies—validating security controls, assessing real-world exploitability across mission-critical systems, and ensuring outputs meet high-risk financial audit standards.

Operating in State Street’s highly regulated banking environment, you will collaborate with engineering and infrastructure teams to root-cause vulnerabilities, enforce evidence-backed fixes, and elevate secure system design.

Responsibilities

As Senior Penetration Testing Engineer, your core scope includes:

  • Designing and managing third-party network penetration tests, covering:
    • Scoping and provider selection
    • Rules of engagement
    • Quality assurance and result validation
  • Leading end-to-end application penetration testing (including web, API and third-party provider engagements) with full lifecycle oversight:
    • Scoping → execution → exploitation → retesting
  • Conducting advanced technical testing across:
    • Authentication/authorisation flaws
    • Business logic vulnerabilities
    • Injection & data misabuse
    • API misconfigurations
    • Cryptographic misuse
    • Access control weaknesses
  • Codifying testing standards for all internal and external parties to ensure:
    • Cross-scope consistency
    • Depth of analysis
    • Regulatory defensibility
  • Producing regulator-ready reports with clear vulnerability linkages, exploitability context, and actionable remediation guidance.
  • Implementing AI/ML-enabled testing in penetration assessments, notably for AI-LLM deployments (testing for prompt injection, model abuse, and data exposure).
  • Partnering with engineering teams to:
    • Validate vulnerability remediation
    • Reduce recurrence risk
    • Strengthen secure design in CI/CD environments.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.


Key Qualities & Skills

The team values:

  • Technical depth & ownership: Balancing hands-on expertise with accountability for end-to-end assessment outcomes.
  • Judgement & vendor oversight: Ensuring external assessments meet centralised standards and deliver robust insights.
  • Risk-focused mindset: Prioritising real-world exploitability over theoretical findings, with acute business impact awareness.
  • Communicative clarity: Crafting executive-level reports alongside technical guidance tailored for local/remote teams.
  • Collaborative influence: Partnership with development, infrastructure, and risk stakeholders.
  • Innovation: Proactively adopting AI/ML techniques to enhance offensive security testing.
  • Continuous improvement: Expanding methodologies and playbooks for organisational consistency.

Qualifications & Requirements

Education & Practical Experience

  • 5+ years in penetration testing, with expertise across application and network testing within high-security/financial regulation environments.
  • Proven ability to oversee third-party pentesters, including quality validation and outcome assurance.
  • Application-focused discipline: Strong expertise in web APIs, mobile platforms, plus deep insights into enterprise network attack vectors.
  • Modern architecture familiarity: Hands-on knowledge of cloud-native, microservices, identity platforms, and CI/CD pipelines.
  • Ability to translate technical risks into audit-ready, remediation-focused guidance.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Desired (Not Mandatory):

  • Experience utilising AI/ML tools for testing deployments, configurations, and security reviews.
  • Certifications such as:
    • Offensive Security (OSCP/OSEP/OSWE)
    • GIAC (GPEN/GXPN, GWAPT, PNPT, GCPN)
  • Educational background in a relevant technical discipline (BSc+/MSc).

Other Logistics

  • Roll based on hybrid availability.
  • Salary range: $120,000 – $202,500/annum (maximised for the primary location; domestic gaps may apply).
  • Full access to State Street’s comprehensive benefits package, including:
    • Retirement plan with 401(k) match
    • Medical, dental, vision, life and disability coverage
    • Paid time off (vacation, sick, short-term disability, parental/long-term care)
    • Employee Assistance Programme (EAP)
    • Tax-advantaged savings & performance bonuses

For full HR details: Visit hrportal Statestreet.


About State Street

As a standalone leader in institutional risk management, State Street ensures financial reliability worldwide—putting clients at the core. We empower employees through collaborative growth, flexibility, and commitment to equity.

Belonging starts here. Our deeply diverse team thrives on global connections, flexible-wellness, paid volunteerism, and a culture where innovation is as valued as tenure.

Inclusivity is foundational in all hiring: reinforcing equal opportunity for all skills/identities.


Careers & Compliance

  • Full information on jobs and diversity initiatives: StateStreet.com/careers
  • CEO Statement
  • Legal Notice: An unnamed Massachusetts law prohibits pre-employment lie detector tests. Violations carry serious liabilities.

Apply for this role today!

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Application Penetration Testing
Network Penetration Testing
API Security Testing
Vendor Management
AI/LLM Security Testing
Risk Assessment
Remediation Validation
Cloud-native Architecture
Microservices
CI/CD Pipelines
Identity Platforms
Exploitation
Business Logic Testing
Authn/Authz Testing
Regulatory Compliance
Technical Reporting

Location

Kilkenny, Leinster, Ireland

Sign up to applySee more jobs like this