Job ID

ATR59554

Posting Job Title

Senior Penetration Tester

Locations

GA WFH Georgia

Employment Type

Full Time

Date Posted

02-Mar-2026

Relocation Support

No

Smurfit Westrock (NYSE:SW) is a global leader in sustainable paper and packaging solutions. We are materials scientists, packaging designers, mechanical engineers and manufacturing experts with a shared purpose: Innovate Boldly. Package Sustainably. Guided by our values of integrity, respect, accountability and excellence, we use leading science and technology to move fiber-based packaging forward.

Our technology organization is transforming how we work at Smurfit Westrock. We align with our businesses to deliver innovative solutions that:

• Address specific business challenges, integrate processes, and create great experiences
• Connect our work to shared goals that propel Smurfit Westrock forward in the Digital Age
• Imagine how technology can advance the way we work by using disruptive technology

We are looking for forward thinking technologists that can accelerate our focus areas such as building stronger foundational technology capabilities, reducing complexity, employing digital transformation concepts, and leveraging disruptive technology.

Senior Penetration Tester - Remote

Position Summary:

The Senior Penetration Tester plays a critical role in Smurfit WestRock’s offensive security strategy by executing advanced, real‑world attack simulations across a broad range of applications, infrastructure, cloud services, and emerging technologies. This role leads the planning, execution, and reporting of in‑scope penetration testing engagements designed to uncover weaknesses in security controls and strengthen the organization’s overall cyber resilience.

Operating as a key member of the Cyber Defense organization, the Senior Penetration Tester partners closely with Business Units, Vulnerability Management, Application Security, the Security Operations Center, and other technical teams to ensure findings are understood, risk‑prioritized, and actionable. The tester will participate in engagement scoping, develop test plans aligned with Smurfit WestRock’s Penetration Testing Program and Rules of Engagement, and deliver clear, high‑quality technical and executive‑level reporting.

This role will also be instrumental in shaping and maturing Smurfit WestRock’s internal Penetration Testing and Red Team program, contributing to methodology development, toolset enhancement, and cross‑functional process alignment. As a senior member of the team, the individual will provide mentorship, guidance, and technical leadership to other testers, helping to build a strong, scalable offensive security capability across the enterprise.

How you will impact Smurfit Westrock:

Core Offensive Security Responsibilities

• Perform internal and external penetration tests with a strong emphasis on web application vulnerabilities, including OWASP Top 10, API security flaws, and business‑logic abuse.
• Lead all phases of penetration testing engagements—scoping, planning, reconnaissance, vulnerability identification, exploitation, risk assessment, and delivery of final reports.
• Produce high‑quality, in‑depth reporting with clear articulation of findings, severity, business impact, and actionable remediation guidance.
• Develop tools, scripts, documentation, and adversary‑emulation techniques to enhance internal offensive capabilities and testing automation.
• Provide guidance and safe‑execution practices for penetration testing in OT environments.
• Partner closely with Security Operations Center analysts to explain attacker TTPs, strengthen detection strategies, and improve response readiness.
• Maintain deep awareness of the evolving offensive security landscape, including emerging threats, exploit techniques, and testing methodologies.

What you need to succeed:

Experience & Technical Expertise

• 4-6 years of hands‑on experience in offensive cybersecurity, including Penetration Testing, Red Teaming, Cloud Security Testing, and Network Security Testing.
• Demonstrated expertise in Web Application Security, including dynamic/static analysis, API exploitation techniques, and modern application attack paths.
• Red Team experience—such as adversary emulation, social engineering simulations, or purple‑team collaboration—is strongly preferred.
• Hands‑on proficiency with common offensive tools and platforms, including:
• Operating Systems: Kali Linux, Windows, and Linux distributions
• Vulnerability Scanners: Nmap, Nessus, Nexpose
• Exploitation & Recon Tools: Metasploit, Burp Suite, DirBuster, ffuf, Nuclei
• C2 Frameworks: (various as needed for emulation and red‑team operations)
• Strong understanding of networking concepts, network infrastructure, and attacker tradecraft across enterprise environments.
• Experience performing penetration tests in cloud environments, including AWS and/or Azure.

Professional Skills

• Exceptional written and verbal communication skills, with the ability to translate complex technical findings for both technical and executive audiences.
• Strong collaboration abilities in a global, matrixed enterprise environment.
• Ability to manage multiple priorities, work effectively under tight deadlines, and maintain exceptional attention to detail.
• Proactive, curious, analytical, and impact‑focused mindset; thrives in a fast‑paced security organization.

Preferred Certifications

• OSCP – Offensive Security Certified Professional
• OSWE – Offensive Security Web Expert
• GCPN – GIAC Cloud Penetration Tester
• GPEN – GIAC Penetration Tester
• GWAPT – GIAC Web Application Penetration Tester
• GMOB – GIAC Mobile Device Security
• eCPPT – Certified Professional Penetration Tester
• CRTO – Certified Red Team Operator

What we offer:

• Corporate culture based on integrity, respect, accountability and excellence
• Comprehensive training with numerous learning and development opportunities
• An attractive salary reflecting skills, competencies and potential
• A career with a global packaging company where Sustainability, Safety and Inclusion are business drivers and foundational elements of the daily work.

Candidates are required to undergo a drug screening after receiving a conditional job offer, but before starting employment.

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law.