Our technology organization is transforming how we work at Smurfit Westrock. We align with our businesses to deliver innovative solutions that:
Address specific business challenges, integrate processes, and create great experiences
Connect our work to shared goals that propel Smurfit Westrock forward in the Digital Age
Imagine how technology can advance the way we work by using disruptive technology
We are looking for forward thinking technologists that can accelerate our focus areas such as building stronger foundational technology capabilities, reducing complexity, employing digital transformation concepts, and leveraging disruptive technology.
Senior Penetration Tester - Remote
Position Summary:
The Senior Penetration Tester plays a critical role in Smurfit WestRocku2019s offensive security strategy by executing advanced, realu2011world attack simulations across a broad range of applications, infrastructure, cloud services, and emerging technologies. This role leads the planning, execution, and reporting of inu2011scope penetration testing engagements designed to uncover weaknesses in security controls and strengthen the organizationu2019s overall cyber resilience.
Operating as a key member of the Cyber Defense organization, the Senior Penetration Tester partners closely with Business Units, Vulnerability Management, Application Security, the Security Operations Center, and other technical teams to ensure findings are understood, risku2011prioritized, and actionable. The tester will participate in engagement scoping, develop test plans aligned with Smurfit WestRocku2019s Penetration Testing Program and Rules of Engagement, and deliver clear, highu2011quality technical and executiveu2011level reporting.
This role will also be instrumental in shaping and maturing Smurfit WestRocku2019s internal Penetration Testing and Red Team program, contributing to methodology development, toolset enhancement, and crossu2011functional process alignment. As a senior member of the team, the individual will provide mentorship, guidance, and technical leadership to other testers, helping to build a strong, scalable offensive security capability across the enterprise.
How you will impact Smurfit Westrock:
Core Offensive Security Responsibilities
Perform internal and external penetration tests with a strong emphasis on web application vulnerabilities, including OWASP Top 10, API security flaws, and businessu2011logic abuse.
Lead all phases of penetration testing engagementsu2014scoping, planning, reconnaissance, vulnerability identification, exploitation, risk assessment, and delivery of final reports.
Produce highu2011quality, inu2011depth reporting with clear articulation of findings, severity, business impact, and actionable remediation guidance.
Develop tools, scripts, documentation, and adversaryu2011emulation techniques to enhance internal offensive capabilities and testing automation.
Provide guidance and safeu2011execution practices for penetration testing in OT environments.
Partner closely with Security Operations Center analysts to explain attacker TTPs, strengthen detection strategies, and improve response readiness.
Maintain deep awareness of the evolving offensive security landscape, including emerging threats, exploit techniques, and testing methodologies.
What you need to succeed:
Experience & Technical Expertise
4-6 years of handsu2011on experience in offensive cybersecurity, including Penetration Testing, Red Teaming, Cloud Security Testing, and Network Security Testing.
Demonstrated expertise in Web Application Security, including dynamic/static analysis, API exploitation techniques, and modern application attack paths.
Red Team experienceu2014such as adversary emulation, social engineering simulations, or purpleu2011team collaborationu2014is strongly preferred.
Handsu2011on proficiency with common offensive tools and platforms, including:
Operating Systems: Kali Linux, Windows, and Linux distributions
Vulnerability Scanners: Nmap, Nessus, Nexpose
Exploitation & Recon Tools: Metasploit, Burp Suite, DirBuster, ffuf, Nuclei
C2 Frameworks: (various as needed for emulation and redu2011team operations)
Strong understanding of networking concepts, network infrastructure, and attacker tradecraft across enterprise environments.
Experience performing penetration tests in cloud environments, including AWS and/or Azure.
Professional Skills
Exceptional written and verbal communication skills, with the ability to translate complex technical findings for both technical and executive audiences.
Strong collaboration abilities in a global, matrixed enterprise environment.
Ability to manage multiple priorities, work effectively under tight deadlines, and maintain exceptional attention to detail.
Proactive, curious, analytical, and impactu2011focused mindset; thrives in a fastu2011paced security organization.
Preferred Certifications
OSCP - Offensive Security Certified Professional
OSWE - Offensive Security Web Expert
GCPN - GIAC Cloud Penetration Tester
GPEN - GIAC Penetration Tester
GWAPT - GIAC Web Application Penetration Tester
GMOB - GIAC Mobile Device Security
eCPPT - Certified Professional Penetration Tester
CRTO - Certified Red Team Operator
What we offer:
Corporate culture based on integrity, respect, accountability and excellence
Comprehensive training with numerous learning and development opportunities
An attractive salary reflecting skills, competencies and potential
A career with a global packaging company where Sustainability, Safety and Inclusion are business drivers and foundational elements of the daily work.
Smurfit Westrock (NYSE:SW) is a global leader in sustainable paper and packaging solutions. We are materials scientists, packaging designers, mechanical engineers and manufacturing experts with a shared purpose: Innovate Boldly. Package Sustainably. Guided by our values of safety, loyalty, integrity, and respect, we use leading science and technology to move fiber-based packaging forward.
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law.
