Infrastructure Security Practice Manager

About The Position

Requirements

• 10-15 years of experience within network/infrastructure security, adversary emulation, and/or penetration testing, with progressive leadership experience.
• Demonstrated experience managing or leading a technical consulting team.
• Strong familiarity with offensive toolkits and methodologies used for in-network/infrastructure penetration testing and adversary emulation (e.g., C2 frameworks, AD attack paths, network pivoting, defense evasion).
• A solid understanding of both offensive and defensive security IT concepts, including common enterprise architectures and controls.
• Experience scoping and delivering consulting engagements in a client-facing environment.
• Experience with practice or business unit financial management (revenue targets, utilization, budgeting) preferred.
• Strong written and verbal communication skills, with experience producing and presenting executive-level deliverables.
• OSCP, OSEP, CRTO, or equivalent offensive certifications preferred; CISSP or similar management-level certifications a plus.
• Up to 25-30% of travel.
• Willingness to travel up to 25–30%.

Responsibilities

• Lead and manage a team of ~10 consultants delivering network and infrastructure penetration testing, red and purple team engagements, wireless and social engineering assessments, vulnerability assessments, and high-level web application testing.
• Lead engagements end-to-end, from scoping and kickoff through execution, reporting, and remediation support.
• Develop comprehensive and accurate reports and presentations tailored to both technical and executive audiences.
• Work closely with sales and project management to scope prospective engagements, manage client relationships, perform pre-sales scoping, and identify opportunities for follow-on work.
• Build and maintain trusted, impactful client relationships, serving as a senior point of contact for Infrastructure Security matters.
• Manage, mentor, and develop team members, providing technical guidance and career growth support.
• Own practice-level financial performance, including revenue forecasting and targets, P&L oversight, and utilization management for the team.
• Develop and manage the annual practice budget, including headcount planning, tooling investments, and lab infrastructure.
• Recognize and safely utilize attacker tools, tactics, and procedures.
• Develop and refine scripts, tools, and methodologies – aligned with frameworks such as MITRE ATT&CK to improve team efficiency and testing quality and enhance team processes.
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff.
• Assess, monitor, and recommend improvements to our client’s security architecture.
• Reviews audits and evaluates security solutions and designs.
• Proactively identify technical and architectural risks in client environments, providing actionable recommendations and alternatives, commenting and/or providing alternatives for improvement.
• Represent the practice externally through thought leadership activities such as conference presentations, blog posts, published research, or open-source tool contributions.
• Evaluate and manage third-party vendor relationships, including offensive software tooling and software platforms.

Benefits

• 401(k)
• AD&D Insurance
• Dental Insurance
• Disability insurance
• Health insurance
• Life insurance
• Vision insurance
• Flex PTO program
• Paid certification and continuing education