Senior Penetration Tester

About This Role

Tile Health’s security posture must withstand the scrutiny of sophisticated threat actors targeting healthcare data. The Senior Penetration Tester will plan and execute offensive security assessments across our web applications, APIs, cloud infrastructure, and internal networks. Your findings will directly drive security investments and engineering priorities, making this a high-influence role for a skilled offensive security professional who cares about protecting patient data.

What You'll Do

• Plan and execute penetration tests against web applications, REST APIs, cloud infrastructure (AWS), and internal networks on a recurring schedule
• Conduct red team exercises that simulate advanced persistent threat scenarios targeting healthcare data exfiltration
• Produce detailed penetration testing reports with clear risk ratings, reproduction steps, and remediation recommendations
• Collaborate with application security and infrastructure teams to validate remediation effectiveness through retesting
• Research emerging attack techniques relevant to cloud-native healthcare applications and present findings to the security team
• Contribute to the development of internal security testing methodologies and purple team exercises

What We're Looking For

• 5+ years of penetration testing or offensive security experience across web application, network, and cloud domains
• Expert-level proficiency with penetration testing tools including Burp Suite Pro, Metasploit, Cobalt Strike, or similar
• Strong understanding of AWS cloud security architecture and common misconfiguration patterns
• Experience testing REST APIs, OAuth flows, and modern authentication mechanisms
• Ability to write custom exploits and scripts in Python, Go, or similar languages

Nice to Have

• OSCP, OSCE, OSWE, or GXPN certification
• Experience testing healthcare applications or HIPAA-regulated environments
• Published CVEs, security blog posts, or conference talks on offensive security topics
• Experience with purple teaming and collaborative security improvement exercises