LexisNexis, a part of RELX, is a leading global provider of legal, regulatory, and business information. We help customers increase productivity and improve decision-making and outcomes. Our 10,500 experts and innovative tools help us shape a better world for our customers and communities.
Security Assurance Penetration Tester
Location
United States
Posted
22 hours ago
Salary
$71.6K - $143.3K / year
Seniority
Mid Level
Job Description
Security Assurance Penetration Tester
RELX
Role Description Are you a collaborative Penetration Tester looking to work for a mission-driven global organization? This role supports the offensive security function within Elsevier's Security Engineering team. You will perform hands-on security testing and peer review activities, validate vulnerabilities and security controls, and support the automation of security assurance processes. This is a hands-on role for a motivated security professional eager to grow in a collaborative, fast-paced environment. The Security Assurance team supports the third-party penetration testing program, security control validation, and ongoing offensive security testing activities. Responsibilities - Tracking and triaging findings from third-party assessments, ensuring timely follow-up and remediation tracking. - Collaborating with development, platform, and product teams to communicate findings, track remediation efforts, and improve overall security posture. - Facilitating post-assessment reviews and lessons learned sessions with development teams to identify recurring security issues and promote secure development practices. - Maintaining program documentation, test records, and reporting artifacts. - Conducting penetration testing of web applications, APIs, cloud environments, and internal systems, escalating complex testing scenarios as needed. - Performing peer review of penetration testing deliverables, including test plans, findings, and final reports. - Participating in scoping exercises and contributing to the selection of appropriate testing methodologies. - Supporting security assessments of GenAI-powered applications and features, including LLM integrations, RAG pipelines, and AI agents. - Assisting in testing for AI-specific vulnerabilities such as prompt injection, jailbreaking, insecure output handling, model data leakage, and training data poisoning. - Contributing to the development of internal GenAI security testing checklists and methodologies, aligned with frameworks such as OWASP Top 10 for LLMs. Qualifications - Experience in information security, penetration testing, or a related field. - Experience or coursework in software development, DevOps, or scripting is highly desirable. - At least one relevant security certification (e.g., Security+, eJPT, PNPT, CEH, or equivalent) preferred; advanced offensive security certifications such as OSCP are a plus. - Foundational understanding of web application architecture, networking, and operating system security. - Familiarity with common penetration testing tools (e.g., Burp Suite, Nmap, Metasploit, Nuclei, or equivalent). - Working knowledge of OWASP Top 10, common CVEs, and vulnerability scoring frameworks (CVSS). - Scripting ability in at least one language (Python, Bash, PowerShell, or similar); development experience is a strong plus. - Basic understanding of cloud environments (AWS, Azure, or GCP) and associated security considerations. - Exposure to SAST/DAST tools and secure code review practices is desirable. - Awareness of GenAI security risks (prompt injection, LLM abuse, insecure AI integrations). Benefits - National Base Pay Range: $71,600 - $119,400. Geographic differentials may apply in some locations to better reflect local market rates. - If performed in Colorado, the base pay range is $71,600 - $119,400. - If performed in New York, the base pay range is $78,700 - $131,400. - If performed in New York City, the base pay range is $85,900 - $143,300. - If performed in Rochester, NY, the base pay range is $71,600 - $119,400. - If performed in New Jersey, the base pay range is $84,546 - $135,054. - This job is eligible for an annual incentive bonus. Company Description Elsevier is a renowned global information analytics company that primarily focuses on providing scientific, technical, and medical (STM) research content, tools, and services. It is one of the largest publishers of academic journals and scholarly literature in the world. - Elsevier operates in various domains, including science, technology, medicine, social sciences, and more. - They publish a vast number of peer-reviewed journals covering a wide range of disciplines. - These journals act as platforms for researchers and academics to share their findings and contribute to the advancement of knowledge in their respective fields. - In addition to publishing, Elsevier offers a suite of digital solutions and services to support researchers, scientists, and professionals in their work. - They provide online platforms like ScienceDirect, Scopus, and Mendeley, which offer access to a vast repository of scholarly articles, research papers, and other scientific content.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Senior Security Engineer – Microsoft Purview
ResMedPioneering innovative medical device and digital health solutions that treat and keep people out of the hospital.
• Design, implement, and maintain Microsoft 365 security and compliance solutions • Safeguard sensitive data and manage access controls • Monitor compliance posture and produce actionable insights • Collaborate with IT, Legal, Risk, and Security teams • Participate in incident response and investigations • Maintain awareness of emerging Microsoft 365 compliance features
SAP Application Security Consultant
Accenture Federal ServicesWe believe in the power of change, harnessed in ways that matter for our country and communities.
• Perform role creation and maintenance for SAP Fiori and SAP S/4HANA • Create and manage SAP catalogs, pages, and spaces; resolve Fiori tile and launchpad errors • Support full security lifecycle implementations: preparation, blueprinting, build, testing, go‑live, hypercare, and operations • Manage SAP and supporting‑system users and authorization assignments • Troubleshoot authorization failures and analyze SAP Security tables, programs, and logging mechanisms • Collaborate with functional and technical teams to ensure role design meets business, audit, and compliance needs • Support SAP Security for ECC, S/4HANA, BW on HANA, and Fiori platforms • Assist with GRC access control processes, BRF+ rulesets, MSMP workflows, and SAC authorization alignment (preferred) • Participate in design reviews and provide recommendations to strengthen security architecture • Support greenfield S/4 implementations, including modern role‑building approaches and Fiori‑based access models
M&A Collaboration, Security Platforms Engineer
Kraken Digital Asset ExchangeWe put the power in your hands to buy, sell, and trade digital currency 🌏
• Drive collaboration-platform integration end-to-end for each acquisition • Assess acquired-company collaboration stacks during and after diligence • Rationalize overlapping tools across brands • Build repeatable playbooks, tooling, and automation for integration • Own Google Workspace, Slack, and Zoom across the brand portfolio • Manage email security infrastructure across brands • Lead legal hold management, eDiscovery queries, and data productions • Design and maintain DLP rules, group access controls, and data access policies
M&A Collaboration, Security Platforms Engineer
Kraken Digital Asset ExchangeWe put the power in your hands to buy, sell, and trade digital currency 🌏
• Drive collaboration-platform integration end-to-end for each acquisition • Assess acquired-company collaboration stacks during and after diligence • Rationalize overlapping tools across brands • Build repeatable playbooks, tooling, and automation • Coordinate cutover timelines and TSA-driven dependencies • Own Google Workspace, Slack, and Zoom at multi-entity enterprise scale • Build and maintain integrations between collaboration tools and the broader identity and security stack • Define and enforce cross-brand platform governance standards • Collaborate with HRIS and IAM teams to manage clean onboarding and offboarding • Own email security infrastructure across brands • Manage a large, multi-registrar, multi-brand domain portfolio • Respond to phishing campaigns, insider threat signals, and anomalous domain activity • Lead legal hold management, eDiscovery queries, and data productions • Produce and defend evidence for regulatory and audit obligations • Design and maintain DLP rules, group access controls, and data access policies • Evaluate, onboard, consolidate, and sunset SaaS tools across the collaboration and security stack


