Physical Penetration Testing Jobs (NOW HIRING)

Calling all innovators - find your future at Fiserv.

We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants and consumers to one another millions of times a day - quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we're involved. If you want to make an impact on a global scale, come make a difference at Fiserv.

Job Title

About your role:
At Fiserv, we deliver technology solutions that help clients move money and manage financial services securely and reliably. The Application Security team focuses on protecting our products and client data through proactive testing and advanced security practices. As a Senior Penetration Tester, you will lead in-depth assessments of web, API, mobile, and thick-client applications to reduce risk and strengthen our security posture.

What you'll do:

• Perform thorough penetration testing across web applications, RESTful APIs, mobile applications (iOS/Android), and thick clients using manual and automated techniques to identify and exploit vulnerabilities.
• Develop and implement advanced penetration testing strategies, frameworks, and test plans tailored to different application architectures.
• Lead security assessments, execute exploit development and proof-of-concept creation, and validate remediation effectiveness.
• Provide technical guidance on remediation, secure coding practices, and risk mitigation to development and product teams.
• Monitor and respond to application security incidents; conduct root-cause analysis and drive corrective actions.
• Research and apply emerging tools, techniques, and threat intelligence to continuously improve testing coverage and automation.
• Mentor and support team members, promoting a culture of application security engineering and secure SDLC integration.
• Responsibilities listed are not intended to be all-inclusive and may be modified as necessary.

Experience you'll need to have:

• 10+ years of experience in application penetration testing for web applications, RESTful APIs, mobile applications, and thick clients using manual exploitation and advanced assessment techniques.
• 10+ years of experience in vulnerability research, exploit development, binary analysis, and proof-of-concept development.
• 8+ years of experience in cloud and container security assessments (AWS, Azure, GCP, Docker, Kubernetes) for cloud-native applications.
• 8+ years of experience with secure SDLC practices, threat modeling, and application security standards (OWASP Top 10, NIST, SANS) and compliance frameworks (e.g., PCI DSS).
• 8+ years of experience integrating security into CI/CD and IaC pipelines, and testing automation (Jenkins, GitHub Actions, Terraform).
• 6+ years of experience with scripting and automation (Python, Bash), and hands-on use of tools such as Burp Suite, Metasploit, MobSF, Postman, and fuzzing frameworks.
• 6+ years of equivalent combination of educational background, related experience, and/or military experience.

Experience that would be great to have:

• Experience working in the financial services industry with secure application development and regulatory/compliance requirements.
• Professional certifications such as OSCP, GWAPT, CPENT, or equivalent.
• Experience applying LLMs and automation for vulnerability discovery, exploit generation, or security testing orchestration.
• Hands-on experience with SAST/DAST/SCA platforms (e.g., Veracode, Checkmarx, Fortify) and integrating findings into developer workflows.
• Proven experience mentoring engineers and collaborating with product, engineering, and risk teams to operationalize application security.

How you'll work:

• This role is on-site Monday through Friday. Fiserv considers in-person collaboration to be an essential part of this role as in-person office experiences help you with your overall onboarding experience and leads to stronger productivity.
• This role requires the use of a computer and audio equipment.
  

Travel:

Approximately 0% travel off-site or to other office locations is expected.

Sponsorship:

• You must currently possess valid and unrestricted U.S. work authorization to be considered for this role. Individuals with temporary visas including, but not limited to, F-1 (OPT, CPT, STEM), H-1B, H-2, or TN, or any candidate requiring sponsorship, now or in the future, will not be considered for this role.

Benefits at Fiserv:

• Fuel Your Life program to support physical, financial, social, and emotional well-being.
• Paid holidays and generous time away policies.
• No-cost mental health support through Employee Assistance Programs.
• Living Proof program to recognize your peers' extra effort with points used for rewards.
• Eight Employee Resource Groups to foster a collaborative culture.
• Unparalleled professional growth with training, development, and internal mobility opportunities.
• Retirement planning and discounted shares with the Employee Stock Purchase Plan.
• Medical, dental, vision, life, and disability insurance options available day one.
• Tuition assistance and reimbursement program.
• Paid parental, caregiver, and military leave.

#LI-RM1

Salary Range

These pay ranges apply to employees in New Jersey and New York. Pay ranges for employees in other states may differ.

It is unlawful to discriminate against a prospective employee due to the individual's status as a veteran.

Thank you for considering employment with Fiserv. Please:

• Apply using your legal name
• Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).

Our commitment to Equal Opportunity:

Fiserv is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, age, disability, protected veteran status, or any other category protected by law.

If you have a disability and require a reasonable accommodation in completing a job application or otherwise participating in the overall hiring process, please contactAskHR.US@fiserv.com. Please note our AskHR representatives do not have visibility to your application status. Current associates who require a workplace accommodation should refer to Fiserv's Disability Accommodation Policy for additional information.

Note to agencies:

Fiserv does not accept resume submissions from agencies outside of existing agreements.Please do not send resumes to Fiserv associates. Fiserv is not responsible for any fees associated with unsolicited resume submissions.

Warning about fake job posts:

Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information. Any communications from a Fiserv representative will come from a legitimate Fiserv email address.