Penetration Tester - MedInsight

Company Overview:
Leading with our core values of Quality Integrity and Opportunity MedInsight is one of the healthcare industrys most trusted solutions for healthcare company purpose is to empower easy data-driven decision-making on important healthcare questions. Through our products education and services MedInsight is making an impact on healthcare by helping to drive better outcomes for patients while reducing waste. Over 300 leading healthcare organizations have come to rely on MedInsight analytic solutions for healthcare cost and care management. MedInsight has been ranked #1 for Payer Quality Analytics by clients for the last three years in the Best in KLAS report.

MedInsight is a subsidiary of Milliman; a global employee-owned consultancy providing actuarial consulting retirement funding and healthcare financing enterprise risk management and regulatory compliance data analytics and business transformation as well as a range of other consulting and technology solutions.

Position Summary:
As a Penetration Tester you will play a vital role in safeguarding our information systems by proactively identifying and mitigating security vulnerabilities. Working under the guidance of senior security professionals you will assess the effectiveness of our cybersecurity infrastructure through simulated attacks and vulnerability assessments. This role offers the opportunity to build hands-on experience while contributing to the design and implementation of secure systems and processes.

Key Responsibilities:

• Conduct penetration tests on networks web and mobile applications APIs and cloud environments to identify security vulnerabilities and risks.
• Support security architects in assessing potential weaknesses in system designs and contribute to defining secure architecture and infrastructure requirements.
• Identify and exploit vulnerabilities in applications and infrastructure to simulate real-world cyber threats.
• Facilitate and coordinate vulnerability assessments and scans review assessment results and oversee remediation activities for network and infrastructure devices.
• Document and communicate findings clearly translating technical risk into business risk for non-technical stakeholders.
• Participate in educating users and new employees on security best practices policies and procedures.
• Research and stay current on emerging cybersecurity threats attack methods and industry best practices.
• Recommend improvements to enhance system security and align with internal standards and regulatory requirements.
• Ensure testing activities and remediation efforts align with compliance standards and privacy laws (e.g. OWASP NIST ISO 27001).
• Collaborate with senior team members to provide technical guidance and support for security initiatives.
• May assist in reviewing third-party security controls especially for cloud services.

Qualifications:

• Minimum 4 years of experience in Application Security and Penetration Testing across networks web/mobile apps APIs and cloud environments to identify vulnerabilities and risks.
• Familiarity with penetration testing methodologies tools (e.g. Burp Suite Nmap Metasploit) and scripting languages (e.g. Python Bash PowerShell).
• Basic understanding of networking protocols web technologies and operating systems.
• Exposure to cybersecurity frameworks such as OWASP Top 10 NIST or CIS Controls.
• Strong problem-solving skills attention to detail and ability to work as part of a team.
• Willingness to learn and grow within a structured closely supervised environment.

Preferred Experience:

• Experience related to ethical hacking or vulnerability assessments.
• One (or more) relevant certifications or ability to pass exam: GPEN GWAPT OSCP
• CTF experience (HackTheBox VulnHub OverTheWire etc)

Educational Requirements:

• Bachelors degree in computer science Information Security or related field or equivalent work experience.

What makes this a great opportunity

• Join an innovative high growth company with a solid industry track record
• Bring your expertise and ideas to directly impact and help build the next generation of MedInsight products and solutions
• Enjoy significant visibility in your work and be recognized for your wins
• Work for a company that values your wellbeing and professional growth offering a flexible work environment generous benefits package and investment in the development of your career

Milliman Benefits:

• We offer competitive benefits which include the following based on plan eligibility:
• Supportive work culture focused on continuous learning growth and team collaboration
• Exposure to international teams and projects for broader professional experience
• Flexible working hours with hybrid/remote options to support work-life balance
• Annual health check-ups and employee wellness programs for a healthier lifestyle
• Employee Assistance Program (EAP) offering confidential mental health support
• Paid time off including vacation sick leave and recognized public holidays