Lead - Penetration Tester

2 weeks ago Be among the first 25 applicants

Summary

You will be responsible for managing a team of penetration testers, designing and executing complex security assessments, and ensuring the security posture of critical systems and applications across our organization. You will also serve as a subject matter expert in identifying vulnerabilities, providing remediation strategies, and developing threat modeling.

Key Responsibilities

• Set the direction and scope of internal and external penetration testing engagements.
• Develop, refine, and maintain the organization's penetration testing methodology.
• Align red team activities with business objectives, risk priorities, and threat intelligence.
• Lead, mentor, and coach a team of penetration testers, red teamers, and offensive security analysts.
• Conduct regular 1-on-1s, career development planning, and performance evaluations.
• Build a collaborative and high-performing team culture with continuous skills development.
• Oversee project timelines, resource allocation, and task delegation.
• Ensure timely delivery of assessments and reporting within defined SLAs.
• Manage team workflows using Agile or structured project management frameworks.
• Review and approve penetration testing reports for clarity, accuracy, and risk relevance.
• Ensure all tests are conducted ethically, legally, and in line with organizational policy.
• Maintain consistency in reporting formats, severity ratings, and risk classifications.
• Provide hands‑on support in complex testing scenarios (e.g., privilege escalation, advanced persistence).
• Serve as the go‑to expert in bypassing modern defenses (EDR, WAF, MFA, etc.).
• Troubleshoot and advise during real‑time engagements or red / purple team exercises.
• Stay current with threat trends, TTPs (MITRE ATT&CK), and industry frameworks (OWASP, PTES, NIST).
• Recommend new tools, scripts, and techniques to keep the team ahead of emerging threats.
• Introduce automation, playbooks, and reusable exploits to improve testing efficiency.
• Develop internal training modules, labs, and tabletop exercises.
• Support certifications and knowledge-sharing within the team (e.g., OSCP, OSCE, CRTO).
• Organize internal red team simulations, capture‑the‑flag (CTF) challenges, or lab walkthroughs.
• Present technical findings and risk assessments clearly to non‑technical stakeholders.
• Interface with IT, development, SOC, and compliance teams to coordinate remediation efforts.
• Participate in executive briefings or incident response drills where red team input is required.
• Ensure testing procedures align with regulatory frameworks (ISO 27001, PCI-DSS, NIST).
• Maintain documentation for all tools, payloads, testing infrastructure, and evidence handling.
• Establish safe testing protocols to avoid disruption or unintentional damage during engagements.

Seniority level : Not Applicable

Employment type : Full‑time

Job function : Information Technology

Industries : IT Services and IT Consulting

#J-18808-Ljbffr