State Street
Penetration Testing Engineer- VP

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Senior Penetration Testing Engineer State Street
About the Role
We are seeking a Senior Penetration Testing Engineer to join State Street’s Penetration Testing Team, reporting to the Penetration Testing Team Manager. This highly technical engineering position sits within the Threat Intelligence and Assurance organisation and demands a hands-on, subject-matter-expert mindset.
You will serve as a key expert in application penetration testing, designing and overseeing complex security assessments, both in-house and across third-party vendor partnerships. The focus is on establishing rigorous, repeatable testing methodologies—validating security controls, assessing real-world exploitability across mission-critical systems, and ensuring outputs meet high-risk financial audit standards.
Operating in State Street’s highly regulated banking environment, you will collaborate with engineering and infrastructure teams to root-cause vulnerabilities, enforce evidence-backed fixes, and elevate secure system design.
Responsibilities
As Senior Penetration Testing Engineer, your core scope includes:
- Designing and managing third-party network penetration tests, covering:
- Scoping and provider selection
- Rules of engagement
- Quality assurance and result validation
- Leading end-to-end application penetration testing (including web, API and third-party provider engagements) with full lifecycle oversight:
- Scoping → execution → exploitation → retesting
- Conducting advanced technical testing across:
- Authentication/authorisation flaws
- Business logic vulnerabilities
- Injection & data misabuse
- API misconfigurations
- Cryptographic misuse
- Access control weaknesses
- Codifying testing standards for all internal and external parties to ensure:
- Cross-scope consistency
- Depth of analysis
- Regulatory defensibility
- Producing regulator-ready reports with clear vulnerability linkages, exploitability context, and actionable remediation guidance.
- Implementing AI/ML-enabled testing in penetration assessments, notably for AI-LLM deployments (testing for prompt injection, model abuse, and data exposure).
- Partnering with engineering teams to:
- Validate vulnerability remediation
- Reduce recurrence risk
- Strengthen secure design in CI/CD environments.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Key Qualities & Skills
The team values:
- Technical depth & ownership: Balancing hands-on expertise with accountability for end-to-end assessment outcomes.
- Judgement & vendor oversight: Ensuring external assessments meet centralised standards and deliver robust insights.
- Risk-focused mindset: Prioritising real-world exploitability over theoretical findings, with acute business impact awareness.
- Communicative clarity: Crafting executive-level reports alongside technical guidance tailored for local/remote teams.
- Collaborative influence: Partnership with development, infrastructure, and risk stakeholders.
- Innovation: Proactively adopting AI/ML techniques to enhance offensive security testing.
- Continuous improvement: Expanding methodologies and playbooks for organisational consistency.
Qualifications & Requirements
Education & Practical Experience
- 5+ years in penetration testing, with expertise across application and network testing within high-security/financial regulation environments.
- Proven ability to oversee third-party pentesters, including quality validation and outcome assurance.
- Application-focused discipline: Strong expertise in web APIs, mobile platforms, plus deep insights into enterprise network attack vectors.
- Modern architecture familiarity: Hands-on knowledge of cloud-native, microservices, identity platforms, and CI/CD pipelines.
- Ability to translate technical risks into audit-ready, remediation-focused guidance.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Desired (Not Mandatory):
- Experience utilising AI/ML tools for testing deployments, configurations, and security reviews.
- Certifications such as:
- Offensive Security (OSCP/OSEP/OSWE)
- GIAC (GPEN/GXPN, GWAPT, PNPT, GCPN)
- Educational background in a relevant technical discipline (BSc+/MSc).
Other Logistics
- Roll based on hybrid availability.
- Salary range: $120,000 – $202,500/annum (maximised for the primary location; domestic gaps may apply).
- Full access to State Street’s comprehensive benefits package, including:
- Retirement plan with 401(k) match
- Medical, dental, vision, life and disability coverage
- Paid time off (vacation, sick, short-term disability, parental/long-term care)
- Employee Assistance Programme (EAP)
- Tax-advantaged savings & performance bonuses
For full HR details: Visit hrportal Statestreet.
About State Street
As a standalone leader in institutional risk management, State Street ensures financial reliability worldwide—putting clients at the core. We empower employees through collaborative growth, flexibility, and commitment to equity.
Belonging starts here. Our deeply diverse team thrives on global connections, flexible-wellness, paid volunteerism, and a culture where innovation is as valued as tenure.
Inclusivity is foundational in all hiring: reinforcing equal opportunity for all skills/identities.
Careers & Compliance
- Full information on jobs and diversity initiatives: StateStreet.com/careers
- CEO Statement
- Legal Notice: An unnamed Massachusetts law prohibits pre-employment lie detector tests. Violations carry serious liabilities.
Apply for this role today!
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location