Penetration Tester - MedInsight

Company Overview:  
Leading with our core values of Quality, Integrity, and Opportunity, MedInsight is one of the healthcare industry’s most trusted solutions for healthcare intelligence. Our company purpose is to empower easy, data-driven decision-making on important healthcare questions. Through our products, education, and services, MedInsight is making an impact on healthcare by helping to drive better outcomes for patients while reducing waste. Over 300 leading healthcare organizations have come to rely on MedInsight analytic solutions for healthcare cost and care management. MedInsight has been ranked #1 for Payer Quality Analytics by clients for the last three years in the Best in KLAS report.  

MedInsight is a subsidiary of Milliman; a global, employee-owned consultancy providing actuarial consulting, retirement funding and healthcare financing, enterprise risk management and regulatory compliance, data analytics and business transformation as well as a range of other consulting and technology solutions. 

Position Summary:  
As a Penetration Tester, you will play a vital role in safeguarding our information systems by proactively identifying and mitigating security vulnerabilities. Working under the guidance of senior security professionals, you will assess the effectiveness of our cybersecurity infrastructure through simulated attacks and vulnerability assessments. This role offers the opportunity to build hands-on experience while contributing to the design and implementation of secure systems and processes. 

Key Responsibilities:  

• Conduct penetration tests on networks, web and mobile applications, APIs, and cloud environments to identify security vulnerabilities and risks. 
• Support security architects in assessing potential weaknesses in system designs and contribute to defining secure architecture and infrastructure requirements. 
• Identify and exploit vulnerabilities in applications and infrastructure to simulate real-world cyber threats. 
• Facilitate and coordinate vulnerability assessments and scans, review assessment results, and oversee remediation activities for network and infrastructure devices. 
• Document and communicate findings clearly, translating technical risk into business risk for non-technical stakeholders. 
• Participate in educating users and new employees on security best practices, policies, and procedures. 
• Research and stay current on emerging cybersecurity threats, attack methods, and industry best practices. 
• Recommend improvements to enhance system security and align with internal standards and regulatory requirements. 
• Ensure testing activities and remediation efforts align with compliance standards and privacy laws (e.g., OWASP, NIST, ISO 27001). 
• Collaborate with senior team members to provide technical guidance and support for security initiatives. 
• May assist in reviewing third-party security controls, especially for cloud services.

Qualifications:  

• Minimum 4 years of experience in Application Security and Penetration Testing across networks, web/mobile apps, APIs, and cloud environments to identify vulnerabilities and risks.
• Familiarity with penetration testing methodologies, tools (e.g., Burp Suite, Nmap, Metasploit), and scripting languages (e.g., Python, Bash, PowerShell). 
• Basic understanding of networking protocols, web technologies, and operating systems. 
• Exposure to cybersecurity frameworks such as OWASP Top 10, NIST, or CIS Controls. 
• Strong problem-solving skills, attention to detail, and ability to work as part of a team. 
• Willingness to learn and grow within a structured, closely supervised environment. 

Preferred Experience:  

• Experience related to ethical hacking or vulnerability assessments. 
• One (or more) relevant certifications, or ability to pass exam: GPEN, GWAPT, OSCP 
• CTF experience (HackTheBox, VulnHub, OverTheWire, etc) 

Educational Requirements:

• Bachelor’s degree in computer science, Information Security, or related field or equivalent work experience. 

What makes this a great opportunity?  

• Join an innovative, high growth company with a solid industry track record 
• Bring your expertise and ideas to directly impact and help build the next generation of MedInsight products and solutions 
• Enjoy significant visibility in your work and be recognized for your wins 
• Work for a company that values your wellbeing and professional growth, offering a flexible work environment, generous benefits package, and investment in the development of your career 

Milliman Benefits:  

• We offer competitive benefits which include the following based on plan eligibility: 
• Supportive work culture focused on continuous learning, growth, and team collaboration
• Exposure to international teams and projects for broader professional experience
• Flexible working hours with hybrid/remote options to support work-life balance
• Annual health check-ups and employee wellness programs for a healthier lifestyle
• Employee Assistance Program (EAP) offering confidential mental health support
• Paid time off including vacation, sick leave, and recognized public holidays