Expert Penetration Tester in Concord, CA

$100K - $150K (Ladders Estimates)

PG&E Corporation

Concord, CA 94518

Industry: Energy & Utilities


5 - 7 years

Posted 59 days ago

This job is no longer available.

Department Overview

The Cybersecurity function is led by PG&E's Vice President - Chief Security Officer and is responsible for cybersecurity and risk management across the organization.

The Security Intelligence and Operations Center (SIOC) is responsible for ensuring that PG&E proactively identifies and assesses threats to its user and operational network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.

Position Summary

The Penetration Tester, Expert will be responsible for the assessment, verification, review, and audit of security/privacy controls and overall security/privacy stance across the Pacific Gas and Electric Company enterprise. The successful candidate will execute and support assessments, audits, tests, and verification activities for the service areas under Pacific Gas and Electric Company's Security Intelligence and Operations Center (SIOC). This position will create and maintain SIOC testing infrastructure, correlation tools, documentation, and training.

The work schedule is Monday – Friday, regular day shift hours (7am – 9am start, 8 hour day with 30 minutes for lunch).



  • 6 years Penetration Testing experience
  • Bachelor's degree in Computer Science, Network & Security, or related discipline or equivalent work experience OR Associate degree in related discipline plus two years additional work experience in addition to the above required 6 years.


  • SANS Cybersecurity certificate, WCNA, or similar
  • Knowledge of exploits and how to use Metasploit/meterpreter
  • Knowledge and experience in setting up VMs for malware analysis
  • Knowledge of the NVD, CVE, CVSS and their applicability to Penetration and Red Testing
  • Knowledge of APT TTPs and how to replicate their attack methodology
  • Experience with Web Application Testing and Secure Code review


  • Ensure and validate that security controls are operating effectively.
  • Review test results or interpret evidence for vulnerabilities, gaps, and control deficiencies and work with business stakeholders to establish plans for sustainable resolution.
  • Develop red test parameters, vulnerability-testing code writing capability, and other analytical tools to support security testing services.
  • Document in detail the results of assessments, audits, tests, and verification activities.
  • Develop situational awareness, stay informed of current technology and vulnerabilities, and contribute to PG&E and industry in the area(s) of their specialty.
  • Provide cross-functional support to incident response analysts and other teams within SIOC.

Valid Through: 2019-9-17