Lead Engineer, Penetration Tester

The pay range is $128,000.00 - $231,000.00

Pay is based on several factors which vary based on position. These include labor markets and in some instances may include education, work experience and certifications. In addition to your pay, Target cares about and invests in you as a team member, so that you can take care of yourself and your family. Target offers eligible team members and their dependents comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more, to help you and your family take care of your whole selves. Other benefits for eligible team members include 401(k), employee discount, short term disability, long term disability, paid sick leave, paid national holidays, and paid vacation. Find competitive benefits from financial and education to well-being and beyond at https://corporate.target.com/careers/benefits.

LEAD ENGINEER, PENETRATION TESTER

About us:

Target is an iconic brand, a Fortune 50 company and one of America’s leading retailers.

Target as a tech company? Absolutely. We’re the behind-the-scenes powerhouse that fuels Target’s passion and commitment to cutting-edge innovation. We anchor every facet of one of the world’s best-loved retailers with a strong technology framework that relies on the latest tools and technologies—and the brightest people—to deliver incredible value to guests online and in stores. Target Technology Services is on a mission to offer the systems, tools and support that guests and team members need and deserve. Our high-performing teams balance independence with collaboration, and we pride ourselves on being versatile, agile and creative. We drive industry-leading technologies in support of every angle of the business, and help ensure that Target operates smoothly, securely and reliably from the inside out.

As a Lead Engineer, Penetration Tester on Target’s Security Testing Services team, you will play a critical role in protecting our guests and brand. You’ll leverage your deep understanding of Target’s environment, strong partnerships, and relentless curiosity to deliver industry-leading penetration testing at scale.  Our team values collaboration, respect, adaptability, and purpose. We conduct comprehensive assessments of key Target business functions and processes, including PCI-required testing. You’ll collaborate directly with business teams across Target, gaining first-hand insight into how our systems and operations work together.

Use your skills, experience, and talents to help us achieve visionary goals. As a Lead Engineer, you will:

• Lead and perform penetration tests across Target-developed and third-party applications, including web, API, mobile, hardware, and scoped PCI assets
• Manage the full lifecycle of penetration testing from intake and scoping through discovery, testing, and validation of findings
• Identify, validate, and communicate security vulnerabilities across enterprise systems
• Deliver clear, actionable reports that articulate business impact and remediation guidance
• Partner with Target Tech and Security teams to explain findings, resolve issues, and improve overall security posture
• Mentor and coach team members to strengthen collective technical expertise
• Review and triage submissions from the Bug Bounty program; escalate critical findings to appropriate teams and help drive remediation
• Contribute to threat modeling activities, providing expert insights to identify and prioritize threats
• Provide technical oversight and assist in resolving complex security challenges
• Advocate for continuous improvement of penetration testing tools, processes, and automation
• Participate in on-call rotation for operational and bug bounty support

About You

• Bachelor’s degree in Computer Science, Cybersecurity, or related field—or equivalent experience
• 7+ years of experience in cybersecurity, including at least 5 years focused on penetration testing or red team operations
• Strong expertise in penetration testing methodologies and web application security
• Advanced knowledge of application development, networking, and systems architecture
• Proficient with Burp Suite and other key security tools (e.g., Nmap, Nuclei, Metasploit, etc.)
• Skilled in scripting and automation using languages such as Python or Go
• Comfortable working across Mac, Windows, and Linux environments
• Strong communicator with the ability to translate complex security issues for technical and non-technical audiences
• Excellent time management and prioritization skills with the ability to meet deadlines
• Proven ability to foster collaboration, drive alignment within cross-functional teams, and demonstrate a solid understanding of how your work impacts the team and guests
• Passionate about mentorship, learning, and continuous improvement
• Demonstrated ability to stay current with evolving security threats and testing techniques
• Preferred Certifications: OSCP, OSCE, OSWE, or CISSP

Core responsibilities of this job are described within this job description.  Job duties may change at any time due to business needs.

This position will operate as a Hybrid/Flex for Your Day work arrangement based on Target’s needs. A Hybrid/Flex for Your Day work arrangement means the team member’s core role will need to be performed both onsite at the Target HQ MN location the role is assigned to and virtually, depending upon what your role, team and tasks require for that day. Work duties cannot be performed outside of the country of the primary work location, unless otherwise prescribed by Target. Click here if you are curious to learn more about Minnesota.

Benefits Eligibility

Please paste this url into your preferred browser to learn about benefits eligibility for this role: https://tgt.biz/BenefitsForYou_E

Americans with Disabilities Act (ADA)

In compliance with state and federal laws, Target will make reasonable accommodations for applicants with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please reach out to [email protected]. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed through this channel.