Relx Group

Security Assurance Penetration Tester

Relx Group$71K — $119K *
US-AnywhereRemote in Pittsburgh, PA
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in information security or penetration testing.
  • At least one relevant security certification such as Security+ or CEH; advanced certifications like OSCP are a plus.
  • Strong foundational knowledge of web application architecture and operating system security.
  • Proficient with common penetration testing tools like Burp Suite and Metasploit.
  • Scripting skills in Python, Bash, or PowerShell are essential; development experience is a bonus.
  • Basic understanding of major cloud platforms like AWS or Azure and their security implications.
  • Familiarity with GenAI security risks, including LLM abuse and prompt injection.

Responsibilities

  • Track and manage findings from third-party assessments for timely remediation.
  • Collaborate with product and development teams to enhance security practices based on findings.
  • Conduct post-assessment reviews to identify patterns in security issues and promote secure coding.
  • Maintain detailed program documentation and reporting artifacts throughout testing and remediation processes.
  • Perform penetration testing on various platforms including web apps, APIs, and internal systems, managing complex scenarios appropriately.
  • Conduct peer reviews of penetration testing results and reporting documentation.
  • Participate in scoping exercises to select appropriate testing methods for security assessments.
  • Support security testing of GenAI applications for vulnerabilities like insecure prompt handling.

Benefits

  • Comprehensive health and wellness benefits tailored to your country of residence.
  • Access to ongoing professional development opportunities.
  • Flexible work arrangements to promote work-life balance.
  • Participation in company-wide initiatives focused on diversity and inclusion.
  • Employee incentive bonuses based on performance.
Full Job Description
About the role - This role supports the offensive security function within Elsevier's Security Engineering team. You will perform hands-on security testing and peer review activities, validate vulnerabilities and security controls, and support the automation of security assurance processes. This is a hands-on role for a motivated security professional eager to grow in a collaborative, fast-paced environment.

About the team - The Security Assurance team supports the third-party penetration testing program, security control validation, and ongoing offensive security testing activities.

Responsibilities
  • Tracking and triaging findings from third-party assessments, ensuring timely follow-up and remediation tracking.
  • Collaborating with development, platform, and product teams to communicate findings, track remediation efforts, and improve overall security posture.
  • Facilitating post-assessment reviews and lessons learned sessions with development teams to identify recurring security issues and promote secure development practices.
  • Maintaining program documentation, test records, and reporting artifacts.
  • Conducting penetration testing of web applications, APIs, cloud environments, and internal systems, escalating complex testing scenarios as needed.
  • Performing peer review of penetration testing deliverables, including test plans, findings, and final reports.
  • Participating in scoping exercises and contributing to the selection of appropriate testing methodologies.
  • Supporting security assessments of GenAI-powered applications and features, including LLM integrations, RAG pipelines, and AI agents.
  • Assisting in testing for AI-specific vulnerabilities such as prompt injection, jailbreaking, insecure output handling, model data leakage, and training data poisoning.
  • Contributing to the development of internal GenAI security testing checklists and methodologies, aligned with frameworks such as OWASP Top 10 for LLMs.


Requirements
  • Experience in information security, penetration testing, or a related field. Experience or coursework in software development, DevOps, or scripting is highly desirable.
  • At least one relevant security certification (e.g., Security+, eJPT, PNPT, CEH, or equivalent) preferred; advanced offensive security certifications such as OSCP are a plus.
  • Foundational understanding of web application architecture, networking, and operating system security.
  • Familiarity with common penetration testing tools (e.g., Burp Suite, Nmap, Metasploit, Nuclei, or equivalent).
  • Working knowledge of OWASP Top 10, common CVEs, and vulnerability scoring frameworks (CVSS).
  • Scripting ability in at least one language (Python, Bash, PowerShell, or similar); development experience is a strong plus.
  • Basic understanding of cloud environments (AWS, Azure, or GCP) and associated security considerations.
  • Exposure to SAST/DAST tools and secure code review practices is desirable.
  • Awareness of GenAI security risks (prompt injection, LLM abuse, insecure AI integrations)


U.S. National Base Pay Range: $71,600 - $119,400. Geographic differentials may apply in some locations to better reflect local market rates.If performed in Colorado, the base pay range is $71,600 - $119,400.If performed in New York, the base pay range is $78,700 - $131,400.If performed in New York City, the base pay range is $85,900 - $143,300.If performed in Rochester, NY, the base pay range is $71,600 - $119,400.If performed in New Jersey, the base pay range is $84,546 - $135,054.This job is eligible for an annual incentive bonus.Application deadline is 09/10/2026.
We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.

About Relx Group

RELX Group is a global provider of information-based analytics and decision tools for professional and business customers. The company operates in four market segments: scientific, technical and medical; risk and business analytics; legal; and exhibitions. RELX's products and services include electronic databases, online information services, workflow tools, and print and digital books. The company was founded in 1993 and is headquartered in London, England.
Learn more about Relx Group
Size
33,500 employees
Market Cap
$53.1 billion
Industry
Net Income
$1.2 billion
Founded
2018
5 Year Trend
+1%
Revenue
$7.1 billion
NASDAQ

Similar Jobs

More Jobs at Relx Group

More Information Technology Jobs

Find similar Security Assurance Penetration Tester jobs: