Manager, Penetration Testing

About The Position

Requirements

• Bachelor's Degree Computer Science, Information Security, or a related field; or, equivalent experience required required
• 7+ years Penetration testing or related experience required
• 3+ years Management or leadership experience with a proven record for developing high-performance teams required
• Strong understanding of network protocols, web application security, and operating systems required

Nice To Haves

• Master's Degree preferred
• Experience in a large enterprise or Fortune 500 company preferred
• Proficiency in penetration testing tools (e.g., Metasploit, Burp Suite, Nessus) and methodologies.
• CISSP, CEH, OSCP, GIAC GPEN, or other related certification preferred

Responsibilities

• Leads the internal Penetration testing team, reporting through Governance, Risk, and Compliance (GRC).
• Oversees all aspects of offensive security testing conducted by internal testers to identify, assess, and remediate vulnerabilities across enterprise systems, applications, and infrastructure.
• Ensures alignment with organizational security policies, regulatory requirements, and industry best practices.
• Oversees a team of compliance penetration testers, providing guidance, mentorship, and performance evaluations.
• Ensure the team delivers high-quality, comprehensive security assessments to stakeholders and leadership.
• Conducts and manages internal, externa, web application and application programming interface (API) penetration tests, vulnerability assessments, and security audits on our systems, networks, and applications.
• Identifies and evaluates security risks, providing prioritized recommendations for mitigation.
• Collaborates with BTS and other departments to monitor effective security controls.
• Develops and executes a comprehensive penetration testing strategy aligned with the company's overall security objectives and regulatory requirements.
• Creates detailed reports and presentations on findings, remediation plans, and progress for senior management and other stakeholders.
• Works closely with the GRC team and other information technology, development and security professionals to enhance the overall security posture of the organization.
• Ensures all penetration testing activities comply with industry standards, best practices, and regulatory requirements.
• Stays current with emerging threats, vulnerabilities, and technologies to continuously improve the effectiveness of penetration testing practices.
• Possess strong problem-solving skills and the ability to analyze complex security issues.
• Excellent verbal and written communication skills.
• Ability to convey complex technical information to non-technical stakeholders.
• Performs other duties as assigned.
• Complies with all policies and standards.

Benefits

• competitive pay
• health insurance
• 401K and stock purchase plans
• tuition reimbursement
• paid time off plus holidays
• a flexible approach to work with remote, hybrid, field or office work schedules