Manager, Cyber Threat Management - Pentesting
About The Position
Manages an application security penetration testing team, ensuring alignment with organizational policies, regulatory requirements, and secure development practices. Oversees the planning, execution, and documentation of application-focused security assessments, while coordinating with stakeholders to ensure timely remediation and reporting. Provides leadership in process development, compliance tracking, and audit readiness. Maintains awareness of emerging threats and regulatory changes to inform team priorities and improve testing governance. This hybrid role can be based in Charlotte, NC, Dallas, TX, or Malvern, PA (HQ) Leads, hires, and develops a team of application security penetration testers, setting clear performance expectations, providing coaching and feedback, and supporting career development in alignment with organizational goals and HR policies. Oversees the planning, scheduling, and reporting of application security assessments, ensuring testing activities are aligned with compliance requirements, internal policies, and secure development standards. Manages team workflows, tools, and documentation processes to ensure consistent execution of penetration testing activities and effective tracking of findings, remediation efforts, and audit readiness. Drives continuous improvement of testing governance, including the development and maintenance of standard operating procedures, metrics, and quality assurance practices. Monitors regulatory and industry developments related to application security and integrates relevant changes into team processes, ensuring ongoing compliance with applicable standards (e.g., PCI-DSS, SOX, ISO 27001). Coordinates with internal stakeholders, including development, risk, and compliance teams, to ensure timely communication of findings and alignment on remediation priorities. Supports enterprise-wide security initiatives and projects by representing the penetration testing function in cross-functional working groups and providing input on secure development practices. Participates in special projects and performs other duties as assigned, including support for audits, assessments, and executive reporting.
Requirements
- Minimum of five years of experience in application security or related field, with at least three years in a leadership or management role.
- Strong understanding of compliance frameworks and secure development lifecycle (SDLC) practices.
- Undergraduate degree in a related field or equivalent combination of education and experience required
- Strong understanding of Pentesting tools
Nice To Haves
- Experience managing or coordinating penetration testing or secure code review programs preferred.
- Graduate degree preferred.
- Industry certifications such as CISSP, CISM, or CRISC are a plus; must obtain CISSP within one year of hire.
Responsibilities
- Leads, hires, and develops a team of application security penetration testers
- Oversees the planning, scheduling, and reporting of application security assessments
- Manages team workflows, tools, and documentation processes
- Drives continuous improvement of testing governance
- Monitors regulatory and industry developments related to application security
- Coordinates with internal stakeholders
- Supports enterprise-wide security initiatives and projects
- Participates in special projects and performs other duties as assigned
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Manager
Industry
Funds, Trusts, and Other Financial Vehicles
Number of Employees
5,001-10,000 employees
