Sr Engineer, Penetration Test & Cybersecurity

Thank you for considering a career at Ensemble!

Ensemble is a leading provider of technology-enabled revenue cycle management solutions for health systems, including hospitals and affiliated physician groups. They offer end-to-end revenue cycle solutions as well as a comprehensive suite of point solutions to clients across the country.

Ensemble keeps communities healthy by keeping hospitals healthy. We recognize that healthcare requires a human touch, and we believe that every touch should be meaningful. This is why our people are the most important part of who we are. By empowering them to challenge the status quo, we know they will be the difference!

O.N.E Purpose:

• Customer Obsession: Consistently provide exceptional experiences for our clients, patients, and colleagues by understanding their needs and exceeding their expectations.

• Embracing New Ideas: Continuously innovate by embracing emerging technology and fostering a culture of creativity and experimentation.

• Striving for Excellence: Execute at a high level by demonstrating our “Best in KLAS” Ensemble Difference Principles and consistently delivering outstanding results.

The Opportunity:

The Senior Penetration Testing Engineer, Cybersecurity will be a key member of the Cybersecurity Technical Assessments team, responsible for leading advanced penetration testing engagements, red team exercises, and vulnerability research to detect and exploit security vulnerabilities across the enterprise environments. This role requires deep technical expertise, strategic influence, and leadership in shaping the security posture of the organization. The ideal candidate possesses a strong background in offensive security, including exploit development, red teaming, and advanced attack simulation techniques. Additionally, they will provide mentorship to junior team members, contribute to security strategy, and engage with executive leadership to enhance security resilience.

Essential Job Functions

Customer Obsession: Consistently provide exceptional experiences for our clients, patients, and colleagues by understanding their needs and exceeding their expectations.

Embracing New Ideas: Continuously innovate by embracing emerging technology and fostering a culture of creativity and experimentation.

Striving for Excellence: Execute at a high level by demonstrating our “Best in KLAS” Ensemble Difference Principles and consistently delivering outstanding results.

• Lead, scope and conduct penetration testing engagements, ensuring comprehensive coverage of modern attack vectors across networks, cloud, applications, and hardware.
• Develop and execute advanced red team exercises, including adversary emulation, lateral movement, and breach simulation to assess real-world attack resilience.
• Develop reports and deliver presentations that explain the findings of research and vulnerability assessments to both technical and executive-level audiences.
• Participate in the validation of threat models for Ensemble developed systems, ensuring the attack simulation is accurate.
• Lead the coordination and execution of red team/purple team exercises to enhance detection and response capabilities, as well as test the functionality of security systems.
• Leverage tools commonly used to perform security testing (e.g., Nmap, Burp Suite, evilginx, hashcat, Metasploit, Nessus, impacket, C2 frameworks, nuclei, gophish, Dradis, Ghostwriter, etc.), and develop custom payloads to support testing engagements as necessary.
• Oversee the optimizing scan profiles in DAST and pentest frameworks to ensure comprehensive coverage of testing; review and validate findings these tools.
• Advise development resources on security threats and potential remediation and control adjustments to address the current threat landscape.
• Design and perform social engineering activities (e.g., phishing, USB drops) to assess organizational security posture.
• Provide tracking and remediation oversight for resolving security issues during all stages of the development process.
• Enhance enterprise security policies, procedures, and documentation.
• Deliver security awareness training and lead knowledge-sharing initiatives within the security team and broader organization.
• Create security-related metrics and increase security visibility across the organization by translating complex vulnerabilities into actionable business risks.

Employment Qualifications

• 5-7 years of related pentesting cybersecurity experience
• Bachelors degree or equivalent experience
• A minimum of 7+ years of experience in Information Technology
• A minimum of 5 years of experience in performing penetration tests
• Proven mastery with common penetration toolsets (i.e. Metasploit, Burp Suite, Kali Linux, etc.)
• Experience with Vulnerability Management platforms (i.e. Wiz, Qualys, Nessus, etc.)
• Expert-level knowledge of OWASP Top10 and the OWASP Web Security Testing Guide
• Demonstrated understanding of network and application protocols (e.g., TCP, UDP, SMB, HTTP, FTP)
• Knowledge of how software works and interacts at various layers
• Experience in conducting security assessments, source code reviews, and vulnerability analysis against web applications, thick clients, and network infrastructure.
• The ability to read and understand stack traces and source code call trees to verify issues reported by tooling is legitimate.
• Familiarity with malware analysis, reverse engineering, and binary exploitation is a plus.
• Excellent problem solving and analysis skills, including the ability to logically create structure and order from unstructured inputs
• Strong familiarity with Linux and Windows operating systems, cloud provider ecosystems like Azure and Amazon AWS, and containerization technologies like Docker and Kubernetes.
• Ability to develop and execute automated security testing workflows using Python, PowerShell, Bash, or similar scripting languages.
• Adherence to change management process.
• Great Communication Skills – you will be a Security ambassador to other teams, partnering to add security to their delivery pipelines.
• Experience in creating and delivering technical documentation and presentations to a variety of audiences, including technical teams and executive management.
• Ability to own and resolve problems.
• Must be inquisitive and demonstrate openness to innovation including AI to explore better processes and ways to alleviate friction and improve patient and client experiences.
• This is a remote position; however, candidates must be willing and able to travel to and work onsite at client, temporary, or corporate office locations as business needs require.

• This position pays between $111,800 - 167,700 based on experience 

This posting addresses s state specific requirements to provide pay transparency.  Compensation decisions consider many job-related factors, including but not limited to geographic location; knowledge; skills; relevant experience; education; licensure; internal equity; time in position.  A candidate entry rate of pay does not typically fall at the minimum or maximum of the role’s range.

#LI-MT1

#LI-Remote

­­­­

Join an award-winning company

Five-time winner of “Best in KLAS” 2020-2022, 2024-2025

Black Book Research's Top Revenue Cycle Management Outsourcing Solution 2021-2024

22 Healthcare Financial Management Association (HFMA) MAP Awards for High Performance in Revenue Cycle 2019-2024

Leader in Everest Group's RCM Operations PEAK Matrix Assessment 2024

Clarivate Healthcare Business Insights (HBI) Revenue Cycle Awards for strong performance 2020, 2022-2023

Energage Top Workplaces USA 2022-2024

Fortune Media Best Workplaces in Healthcare 2024

Monster Top Workplace for Remote Work 2024

Great Place to Work certified 2023-2024

• Innovation

• Work-Life Flexibility

• Leadership

• Purpose + Values

Bottom line, we believe in empowering people and giving them the tools and resources needed to thrive. A few of those include:

• Associate Benefits –  We offer a comprehensive benefits package designed to support the physical, emotional, and financial health of you and your family, including healthcare, time off, retirement, and well-being programs. 

• Our Culture – Ensemble is a place where associates can do their best work and be their best selves. We put people first, last and always. Our culture is rooted in collaboration, growth, and innovation.  

• Growth – We invest in your professional development. Each associate will earn a professional certification relevant to their field and can obtain tuition reimbursement. 

• Recognition – We offer quarterly and annual incentive programs for all employees who go beyond and keep raising the bar for themselves and the company. 

Ensemble is an equal employment opportunity employer. It is our policy not to discriminate against any applicant or employee based on race, color, sex, sexual orientation, gender, gender identity, religion, national origin, age, disability, military or veteran status, genetic information or any other basis protected by applicable federal, state, or local laws.  Ensemble also prohibits harassment of applicants or employees based on any of these protected categories.

Ensemble provides reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law. If you require accommodation in the application process, please contact [email protected].

This posting addresses state specific requirements to provide pay transparency.  Compensation decisions consider many job-related factors, including but not limited to geographic location; knowledge; skills; relevant experience; education; licensure; internal equity; time in position.  A candidate entry rate of pay does not typically fall at the minimum or maximum of the role’s range.

EEOC – Know Your Rights
FMLA Rights - English

La FMLA Español

E-Verify Participating Employer (English and Spanish)

Know your Rights