Lead Engineer, Penetration Tester

Job Id: R0000421099 The pay range is $128,000.00 - $231,000.00Pay is based on several factors which vary based on position. These include labor markets and in some instances may include education, work experience and certifications. In addition to your pay, Target cares about and invests in you as a team member, so that you can take care of yourself and your family. Target offers eligible team members and their dependents comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more, to help you and your family take care of your whole selves. Other benefits for eligible team members include 401(k), employee discount, short term disability, long term disability, paid sick leave, paid national holidays, and paid vacation. Find competitive benefits from financial and education to well-being and beyond at https://corporate.target.com/careers/benefits.LEAD ENGINEER, PENETRATION TESTERAbout us:Target is an iconic brand, a Fortune 50 company and one of America’s leading retailers.Target as a tech company? Absolutely. We’re the behind-the-scenes powerhouse that fuels Target’s passion and commitment to cutting-edge innovation. We anchor every facet of one of the world’s best-loved retailers with a strong technology framework that relies on the latest tools and technologies—and the brightest people—to deliver incredible value to guests online and in stores. Target Technology Services is on a mission to offer the systems, tools and support that guests and team members need and deserve. Our high-performing teams balance independence with collaboration, and we pride ourselves on being versatile, agile and creative. We drive industry-leading technologies in support of every angle of the business, and help ensure that Target operates smoothly, securely and reliably from the inside out.As a Lead Engineer, Penetration Tester on Target’s Security Testing Services team, you will play a critical role in protecting our guests and brand. You’ll leverage your deep understanding of Target’s environment, strong partnerships, and relentless curiosity to deliver industry-leading penetration testing at scale. Our team values collaboration, respect, adaptability, and purpose. We conduct comprehensive assessments of key Target business functions and processes, including PCI-required testing. You’ll collaborate directly with business teams across Target, gaining first-hand insight into how our systems and operations work together.Use your skills, experience, and talents to help us achieve visionary goals. As a Lead Engineer, you will:Lead and perform penetration tests across Target-developed and third-party applications, including web, API, mobile, hardware, and scoped PCI assetsManage the full lifecycle of penetration testing from intake and scoping through discovery, testing, and validation of findingsIdentify, validate, and communicate security vulnerabilities across enterprise systemsDeliver clear, actionable reports that articulate business impact and remediation guidancePartner with Target Tech and Security teams to explain findings, resolve issues, and improve overall security postureMentor and coach team members to strengthen collective technical expertiseReview and triage submissions from the Bug Bounty program; escalate critical findings to appropriate teams and help drive remediationContribute to threat modeling activities, providing expert insights to identify and prioritize threatsProvide technical oversight and assist in resolving complex security challengesAdvocate for continuous improvement of penetration testing tools, processes, and automationParticipate in on-call rotation for operational and bug bounty supportAbout YouBachelor’s degree in Computer Science, Cybersecurity, or related field—or equivalent experience7+ years of experience in cybersecurity, including at least 5 years focused on penetration testing or red team operationsStrong expertise in penetration testing methodologies and web application securityAdvanced knowledge of application development, networking, and systems architectureProficient with Burp Suite and other key security tools (e.g., Nmap, Nuclei, Metasploit, etc.)Skilled in scripting and automation using languages such as Python or GoComfortable working across Mac, Windows, and Linux environmentsStrong communicator with the ability to translate complex security issues for technical and non-technical audiencesExcellent time management and prioritization skills with the ability to meet deadlinesProven ability to foster collaboration, drive alignment within cross-functional teams, and demonstrate a solid understanding of how your work impacts the team and guestsPassionate about mentorship, learning, and continuous improvementDemonstrated ability to stay current with evolving security threats and testing techniquesPreferred Certifications: OSCP, OSCE, OSWE, or CISSPCore responsibilities of this job are described within this job description. Job duties may change at any time due to business needs.This position will operate as aHybrid/Flex for Your Day work arrangement based on Target’s needs. A Hybrid/Flex for Your Day work arrangement means the team member’s core role will need to be performed both onsite at the Target HQ MN location the role is assigned to and virtually, depending upon what your role, team and tasks require for that day. Work duties cannot be performed outside of the country of the primary work location, unless otherwise prescribed by Target. Clickhere if you are curious to learn more about Minnesota.Benefits EligibilityPlease paste this url into your preferred browser to learn about benefits eligibility for this role: https://tgt.biz/BenefitsForYou_EAmericans with Disabilities Act (ADA)In compliance with state and federal laws, Target will make reasonable accommodations for applicants with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please reach out to candidate.accommodations@HRHelp.Target.com.Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed through this channel.